Salesforce's Product Security Assurance team aims to make people's working lives more secure by protecting infrastructure, operations, and customer data. The role seeks to ensure low-friction, high-impact security across all operations and to enable developers to deliver new features securely, while eliminating entire classes of vulnerabilities.
Requirements
- Experience in security testing of web applications and native apps, including Electron apps and iOS and Android mobile applications.
- Deep understanding of web application architecture and design principles
- Experience with threat modeling applications using STRIDE or a similar framework.
- Experience with manual secure code review in languages such as JavaScript, Java, Python, Ruby, PHP, HackLang
- Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Snyk, and/or Semgrep
- Knowledge of authentication mechanisms like SAML, OAuth, etc.
- Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
Responsibilities
- Contributing security-focused feedback to engineers during all phases of the development lifecycle
- Performing technical security assessments on our web applications, native clients, internal services, and partner applications
- Seeking out opportunities to automate processes when appropriate
- Communicating risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns
- Maintaining and creating secure development practices and programs for our engineering teams and external developers
- Identifying emerging classes of vulnerabilities and developing solutions for them before they’re a problem
- Efficiently scoping blackbox, whitebox, and graybox assessments to optimize security review time and resources
Other
- Scaling the impact of our team through direct mentorship of our more junior team members
- Acting as an ambassador for security within Slack
- Serving as a public representative for security at Slack by engaging periodically in internal and external speaking engagements
- Strong written and verbal communication skills and ability to communicate with empathy when delivering constructive feedback regarding security matters to engineers and product designers
- Ability to see patterns, commonalities and investigate complex issues