Description
About the Role
- We are seeking a Senior Director of Penetration Testing & AI Exploitation to lead and scale a focused offensive security function dedicated to deep technical penetration testing and advanced AI/ML exploitation across our products and platforms.
- This role owns the strategy, execution, and evolution of manual, research-driven penetration testing and AI-specific attack discovery, ensuring high-risk vulnerabilities are identified early, validated rigorously, and translated into clear, actionable remediation guidance for engineering teams.
- The mandate is depth over breadth: fewer assessments, higher quality findings, and meaningful reduction of systemic risk—especially in AI-powered and data-driven systems.
Key Responsibilities
- Penetration Testing Leadership
  - Own and execute the global penetration testing strategy across applications, APIs, cloud services, and shared platforms.
  - Drive deep, manual, and white-box testing for high-risk products, features, and architectural changes.
  - Ensure penetration testing goes beyond checklists, focusing on real exploitability and impact.
  - Establish standardized scoping, rules of engagement, reporting quality, and validation practices.
- AI Exploitation & Security Research
  - Lead AI/ML exploitation efforts, focusing on vulnerabilities in:
    - LLM-powered features and agents
    - Prompt injection, indirect prompt abuse, and tool misuse
    - Model data leakage, training data exposure, and inference-time attacks
    - Authorization, trust-boundary, and privilege escalation flaws in AI workflows
  - Drive original offensive research into emerging AI attack techniques and publish internal research artifacts to guide engineering defenses.
  - Partner with AI platform and product teams to influence secure-by-design patterns for AI systems.
- Program Execution & Quality
  - Ensure all findings are:
    - Reproducible and technically validated
    - Clearly prioritized by risk and exploitability
    - Accompanied by precise remediation guidance, including short- and long-term fixes for systemic issues
  - Track remediation progress and validate fixes for high-risk findings.
- Organizational Leadership
  - Build and lead a high-caliber team of senior penetration testers and AI security researchers.
  - Define role expectations, technical bars, and career progression for pentest and AI exploitation specialists.
  - Own hiring strategy, vendor augmentation (where appropriate), and budget for the function.
- Cross-Functional Partnership
  - Partner closely with:
    - Product Security and Engineering teams during design, pre-GA, and major architectural shifts
    - Platform and AI infrastructure teams to assess shared services and foundational components
  - Provide expert guidance to leadership on pentest risk, AI exploitation trends, and systemic exposure.
Required Qualifications
- 12+ years of experience in penetration testing, offensive security, or vulnerability research, including leadership of senior technical teams.
- Deep hands-on expertise in:
  - Application, API, cloud, and platform security
  - Advanced exploit chains and logic flaws
- Demonstrated experience testing or attacking AI/ML systems, LLM-based features, or data pipelines.
- Strong ability to translate complex technical findings into clear engineering actions and leadership narratives.
Preferred Qualifications
- Background in vulnerability discovery or offensive security research.
- Experience assessing AI agents, autonomous workflows, or model-integrated products.
- Experience integrating automation or AI-assisted techniques into penetration testing workflows.
- Security research publications, talks, or tooling contributions (internal or external).
For roles in San Francisco and Los Angeles: Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.