Description
Salesforce is seeking to expand our Vulnerability Management team. This team is dedicated to ensuring Salesforce remains the most secure and compliant enterprise cloud solution. As a Vulnerability Management Engineer, you will collaborate with various teams and application owners, leveraging your understanding of various Operating Systems, Network technologies, and open source software.
As a key member of our team, you will be on the 'front lines' of the Salesforce production environment, the largest SaaS platform globally. Your role will involve protecting our critical infrastructure and proactively defending our customers' data. Responsibilities include operational tasks such as scanning, reporting on vulnerabilities, assisting teams with remediation, developing tools and detections, and monitoring the latest trends and exploits in the vulnerability landscape.
Your Impact:
- Participate in rapid response to emerging threats and vulnerabilities
- Continuously monitor emerging threats and vulnerability disclosures to proactively identify and assess potential impacts on the organization
- Document findings and risks in executive summaries to facilitate clear communication with stakeholders
- Collaborate with engineering and operations teams to develop and implement effective remediation strategies, ensuring vulnerabilities are addressed in a timely manner
- Lead the integration of vulnerability scanning and management tools to streamline processes and improve overall efficiency
- Provide guidance and mentorship to junior security engineers and analysts, fostering a culture of continuous learning within the team
Responsibilities:
- Conduct system vulnerability assessments to identify impact and risk to the organization
- Develop vulnerability detections to ensure vulnerabilities are accurately identified
- Coordinate security incident response with other teams across the company and externally as required
- Design and develop tools to automate operations or reporting tasks
- Support security control gap analysis for new architectures or public cloud substrates
Your Experience:
- 9+ years of Experience in infrastructure, automation, and/or quality in the vulnerability management, penetration testing, or security research space
- Deep understanding of Windows, Linux, macOS, and Unix-based systems
- Familiarity with scanning and vulnerability testing fundamentals (open source scanners, TCP/IP and networking protocols, pen testing tools)
- Ability to work with multiple customers, context switch, learn quickly, and communicate effectively
- Understanding of container technologies (Docker, Kubernetes)
- Awareness of third-party libraries and supply chain threats
- Familiarity with public cloud resource types (S3, KMS, eCDN)
- Working knowledge of standard Unix infrastructure tools/protocols (DHCP, DNS, NTP, SYSLOG, SSH, IPSec)
- Experience securing large-scale web applications from various threats (XSS, CSRF, SSRF)
- Significant experience with common vulnerability and cloud security tools such as Tenable, Qualys, Wiz, Prisma, Aqua, etc.
- Strong communication skills
Bonus Points:
- Security-based credentials highly desired (SSCP, GIAC GCUX, GSEC, GCED, GCIH, GCIA)
Nice to Haves:
- Significant experience with common open source security software such as Nuclei, OpenVAS, and Nmap
- Experience writing scripts and automation (Perl, Go, Shell, Python)
- Incident response and/or threat modeling experience
- Experience writing security white papers and/or presenting at industry security conferences and events