Lead Vulnerability Management Engineer

Job Category

Job Details

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

Salesforce is seeking to expand our Vulnerability Management team. This team is dedicated to ensuring Salesforce remains the most secure and compliant enterprise cloud solution. As a Vulnerability Management Engineer, you will collaborate with various teams and application owners, leveraging your understanding of various Operating Systems, Network technologies, and open source software.

As a key member of our team, you will be on the front lines of the Salesforce production environment, the largest SaaS platform globally. Your role will involve protecting our critical infrastructure and proactively defending our customers data. Responsibilities include operational tasks such as scanning, reporting on vulnerabilities, assisting teams with remediation, developing tools and detections, and monitoring the latest trends and exploits in the vulnerability landscape.

Your Impact:

- Participate in rapid response to emerging threats and vulnerabilities
- Continuously monitor emerging threats and vulnerability disclosures to proactively identify and assess potential impacts on the organization
- Document findings and risks in executive summaries to facilitate clear communication with stakeholders
- Collaborate with engineering and operations teams to develop and implement effective remediation strategies, ensuring vulnerabilities are addressed in a timely manner
- Lead the integration of vulnerability scanning and management tools to streamline processes and improve overall efficiency
- Provide guidance and mentorship to junior security engineers and analysts, fostering a culture of continuous learning within the team

Responsibilities:

- Conduct system vulnerability assessments to identify impact and risk to the organization
- Develop vulnerability detections to ensure vulnerabilities are accurately identified
- Coordinate security incident response with other teams across the company and externally as required
- Design and develop tools to automate operations or reporting tasks
- Support security control gap analysis for new architectures or public cloud substrates

Your Experience:

- 9+ years of Experience in infrastructure, automation, and/or quality in the vulnerability management, penetration testing, or security research space
- Deep understanding of Windows, Linux, macOS, and Unix-based systems
- Familiarity with scanning and vulnerability testing fundamentals (open source scanners, TCP/IP and networking protocols, pen testing tools)
- Ability to work with multiple customers, context switch, learn quickly, and communicate effectively
- Understanding of container technologies (Docker, Kubernetes)
- Awareness of third-party libraries and supply chain threats
- Familiarity with public cloud resource types (S3, KMS, eCDN)
- Working knowledge of standard Unix infrastructure tools/protocols (DHCP, DNS, NTP, SYSLOG, SSH, IPSec)
- Experience securing large-scale web applications from various threats (XSS, CSRF, SSRF)
- Significant experience with common vulnerability and cloud security tools such as Tenable, Qualys, Wiz, Prisma, Aqua, etc.
- Strong communication skills

Bonus Points:

- Security-based credentials highly desired (SSCP, GIAC GCUX, GSEC, GCED, GCIH, GCIA)
Nice to Haves:
- Significant experience with common open source security software such as Nuclei, OpenVAS, and Nmap
- Experience writing scripts and automation (Perl, Go, Shell, Python)
- Incident response and/or threat modeling experience
- Experience writing security white papers and/or presenting at industry security conferences and events

Unleash Your Potential

When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and, and our AI agents accelerate your impact so you can. Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future - but to redefine what's possible - for yourself, for AI, and the world.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this .

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.