Senior Practices Director - Technical Security Assessment Leader

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Job Details

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

Bring Your Security Mindset to the World's #1 CRM. We are building a dedicated Salesforce Security Practice and looking for a Senior Security Architect to join as a Founding Member.

We are looking for a true security practitioner-someone who understands the DNA of Cloud, SaaS, and full-stack Application Security. You bring deep expertise in Incident Response, Threat Modeling, and Infrastructure Security; we will teach you the Salesforce platform. This is a unique opportunity to cross-train into a high-demand ecosystem while applying rigorous security standards to the top 1,000 enterprise environments. This will be a customer-facing role to help our customers understand and uplift their last-mile security obligations.Key Responsibilities

1. Strategic Advisory

• Synthesize information from the industry regarding potential attack vectors and proactively advise on related security controls impacting SAAS apps.

• Supply Chain Risk: Advise customers on securing their Salesforce environment across the digital supply chain, identifying risks in third-party integrations, AppExchange packages, and connected middleware.

• Standards Definition: Define technical security standards and "Gold Standard" implementation guides to ensure consistent quality across the practice.

2. Architecture, Assessment & Testing

• Full-Stack Assessments: Lead architecture reviews, code reviews, and penetration tests across diverse environments (Web Apps, SaaS, and Mobile).

• Threat Modeling: Conduct workshops to identify design flaws and develop mitigation techniques that balance strict security requirements with business agility.

3. DevSecOps & Engineering

• Secure SDLC: Collaborate with engineering teams to "shift security left," integrating automated security scanning (SAST/DAST) into CI/CD pipelines.

• Automation: Develop automated tooling (scripts, scanners) to identify vulnerabilities and solve security problems at scale.

• Identity Architecture: Design robust authentication and authorization flows using modern protocols (SAML, OAuth, OIDC) to secure access to the platform.

Required Experience:

• 10+ Years of experience in a dedicated security role (Security Engineering, AppSec, Incident Response, or Red/Blue Teaming).

• Assessment Tooling: Proficiency with standard security assessment tools such as BurpSuite, Nexpose, Nessus, Metasploit, or Nmap.

• Code Review: Experience performing manual and tool-assisted code reviews in Java, JavaScript, Python, or similar languages.

• Cloud Fluency: Hands-on experience securing and testing public cloud environments (AWS, Azure, GCP) and understanding the Shared Responsibility Model.

• Prior Big-4 or relevant customer facing consulting experience is a plus.

Technical Skills:

• Protocols: Deep knowledge of network security models, encryption standards (PKI, TLS), and identity protocols (SAML, OAuth, Kerberos).

• Exploit Mitigation: Familiarity with OWASP Top 10 vulnerabilities and modern defense techniques.

Certifications (Candidates should possess one or more of the following):

• CISSP (Certified Information Systems Security Professional) - Demonstrates senior-level architectural breadth.

• CCSP (Certified Cloud Security Professional) - Critical for understanding SaaS/PaaS security models.

• OSCP (Offensive Security Certified Professional) or GPEN - Demonstrates hands-on "hacker mindset" and technical capability.

• GWAPT (GIAC Web Application Penetration Tester)

• CISM (Certified Information Security Manager)

Unleash Your Potential

When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future - but to redefine what's possible - for yourself, for AI, and the world.

Accommodations

If you need a reasonable accommodation during the application or the recruiting process, please submit a request via this Accommodations Request Form.

Please note that Salesforce uses artificial intelligence (AI) tools to help our recruiters assess and evaluate candidates' resumes and qualifications throughout the recruiting process. Humans will always make any candidate selection and hiring decisions. Please see our Candidate Privacy Statement for more information about how we use your personal data and your rights, including with regard to use of AI tools and opt out options.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.