Senior Manager, Product Security - AppExchange

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Job Details

The Security Assurance team is responsible for the security efforts for the AppExchange applications and Salesforce products. We are looking for a passionate manager who is subject matter expert in multiple security domains, and has managed a team of security engineers. The mission of the role is to help us maintain a trusted AppExchange marketplace.

We are very excited about hiring the first Security Assurance Team manager in India! You will be a Sr Manager, with a dual Individual Contributor and Manager responsibilities initially. As part of your management responsibilities, you will hire a team, and mentor them. You will help secure the AppExchange marketplace by conducting security reviews (design reviews, code reviews, security testing), and providing remediation guidance to Salesforce partners and Independent Software Vendors (ISVs). You will develop in-depth knowledge of the core Salesforce platform and how to build secure applications on the platform.

Key responsibilities

• Hire, mentor, and grow the local team.

• Become a security subject matter expert (SME) in Salesforce technologies including Apex, Lightning Web Components, Aura, and Visualforce.

• Perform design reviews, code reviews and security testing of AppExchange marketplace applications.

• Work with Partners and Independent Security Vendors and help them write secure AppExchange applications.

• Continuously improve the AppExchange security review processes.

• Identify and execute automation opportunities that help scale the security review process.

Key competencies

• Strong people focus, and must have 3-5 years of people management experience.

• 8-10 years of experience with black box, grey box, and white box security/penetration testing of web applications, APIs, mobile applications and more.

• Should be fluent with manual and automated code reviews to spot security issues.

• Should have a good understanding of OAuth, SOAP and REST protocols.

• Experience with performing threat modeling and architecture reviews.

• Capability to look at the big picture/architecture and propose strategic security solutions.

• Some experience with public cloud infrastructure security protections and weaknesses

• Strong working knowledge of web application development and architecture, HTTP, and TLS.

• Self-driven, passionate, and independent.

• Be able to act as a multiplier via junior team members to accomplish more than the sum total of individual efforts.

• Offensive mindset and the ability to think of and consider abuse and attack paths as well as the defensive mindset to think of recommendations to prevent them.

• Scripting skills (our primary languages are Java, Ruby, Python, Go, but we’ll happily speak to candidates with other language backgrounds.)
  

Technologies

Strong candidates will have worked with some of these and/or similar technologies:

• Application Security tools like Burp, OWASP ZAP, brakeman, and other DAST and SAST tools.

• Languages - one or more of: Ruby, Python, Java, Go, Shell, JavaScript, both for performing code reviews and creating your own scripts and tooling (fuzzers, scanners, etc.).

• Modern web technologies - Ember.js, Angular, React, Socket.io/Websockets.

• Experience with Salesforce technologies is a plus.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org .

Salesforce welcomes all.