We're looking for deep expertise in at least one of these areas, with the ability to grow across others. We have multiple openings and are looking for talent at various levels. As we get to know you through the interview process, we'll work together to identify the best fit matching your expertise and interests with the specific role and level (Senior, Lead, or Principal) that makes the most sense for both you and the team.

Role Overview

We are seeking a highly skilled offensive security professional to join our elite team. This role is ideal for someone who thrives on breaking systems, finding creative attack paths, and using their findings to drive meaningful security improvements across Salesforce's products and infrastructure.

You will work alongside some of the best minds in security, operating with significant autonomy and impact. Whether you specialize in deep application level penetration testing, red teaming, security research or vulnerability discovery, we want to hear from you—you don't need to be an expert in all three domains. What unites these roles is a relentless attacker mindset, a drive to find and demonstrate real-world impact, and the ability to translate offensive findings into lasting security improvements.

Responsibilities

Conduct advanced penetration testing, red team operations, or security research targeting Salesforce's cloud infrastructure, applications, and services
Discover, exploit, and document security vulnerabilities using creative and methodical approaches
Develop custom tools, exploits, and attack techniques to simulate real-world adversaries
Collaborate with product teams to remediate vulnerabilities and improve secure design practices
Contribute to the maturity of our offensive security program through automation, tooling, and process improvements
Mentor and share knowledge with team members, fostering a culture of continuous learning
Present findings and security insights to technical and executive audiences
Stay ahead of emerging threats, attack techniques, and offensive security tradecraft

Required Qualifications

5+ years of hands-on experience in offensive security (Senior), 7+ years (Lead), or 10+ years (Principal).
Deep, demonstrable expertise in at least one of the following domains: penetration testing, red teaming, application security research, or vulnerability discovery, with strong foundational knowledge and willingness to learn across other offensive security disciplines.
Proven ability to identify and exploit complex vulnerabilities in web applications, APIs, cloud environments, or infrastructure.
Strong programming/scripting skills (e.g., Python, Go, Bash, PowerShell) for tooling and automation.
Deep understanding of attack frameworks (MITRE ATT&CK), common vulnerability classes (OWASP, CWE), and exploitation techniques.
Excellent written and verbal communication skills, with the ability to clearly document technical findings.
Self-motivated, intellectually curious, and comfortable working independently or as part of a team.

Preferred Qualifications

Experience in cloud security (AWS, GCP, Azure) and containerized environments (Kubernetes, Docker).
Background in offensive security research, including CVE discoveries or contributions to security tools.
Familiarity with CI/CD pipeline security, supply chain attacks, or infrastructure-as-code security.
Experience with social engineering, physical security testing, or adversary simulation.
Active participation in the security community (bug bounties, CTFs, conferences, open-source contributions).
Relevant certifications (OSCP, OSCE, OSWE, GXPN, or equivalent).

Benefits & Perks:

Check out our benefits site which explains our various benefits, including wellbeing reimbursement, generous parental leave, adoption assistance, fertility benefits, and more.

Open to Flex (1-3 days/week in the office), or Office-Based (4-5 days/week in the office)

*IN SCHOOL OR GRADUATED WITHIN THE LAST 12 MONTHS? PLEASE VISIT FUTURE FORCE FOR OPPORTUNITIES*

See more open positions at Own Company

Privacy policy Cookie policy