Products and Technology
The Security Engineering team is looking for an experienced software developer to design and develop cloud platforms for performing automated code and package security analysis.
Our mission is to build highly-available and highly-scalable distributed systems operating as a cloud platform-as-a-service (PaaS) that is capable of performing software security testing (including AST / DAST) using state-of-the-art security tools, to assess the risk associated with the tested software, and to automate workflows for driving remediation of the findings.
You will build a critical piece of our release pipelines while also helping engineers identify security flaws in their code through a cloud PaaS.
Your system will support both internal code as well as external software packages that run in the Salesforce ecosystem, providing significant outreach and business impact.
This is a great opportunity for ambitious engineers who want technical growth in both distributed systems development and application security vulnerabilities, while operating on a large scale cloud platform.
Architect and implement software platforms to provide automated static / dynamic application security testing to Salesforce’s public and private software components.
Architect and implement software platforms integrated with open source software scanners (e.g., Sonatype's Nexus, Veracode), to provide automated validation and access to security flaw analysis
Integrate these platforms with Salesforce’s public and internal code management pipelines.
Advance and operate these security scanning platforms in a full DevOps model
Work with security engineers to build software systems for risk assessment, threat modeling and fixing vulnerabilities based on security scanners results
Operate in an Agile development environment, including participating in daily scrums
Support the team’s engineering excellence by performing code reviews and mentoring junior team members
Required Skills / Experience
Industry experience. 8+ years, including :
3+ years experience in SaaS, PaaS or IaaS software development
3+ years experience in a high-availability 24 / 7 environment (cloud platforms are a plus)
Education. M.Sc / M.Eng in Computer Science / Engineering or B.A / B.Sc. in same disciplines with equivalent years of experience
Distributed systems. Expertise in designing, implementing and operating distributed systems architectures and concepts, especially on public cloud infrastructure (AWS / GCP).
Expertise should include several of the following :
High-performance, high-availability (99.999%) and self-recoverable systems
Control, orchestration and automation platforms leveraging containers or VMs
RPC frameworks (e.g., Protobuf / gRPC, Thrift, Bond)
Consensus and consistency frameworks (e.g., Paxos, Raft, eventual consistency)
Storage solutions, in particular MySQL (e.g., Cassandra, MongoDB, Hadoop, Redis, Zookeeper)
Data-processing systems (e.g., Lambda architecture, Kafka, RabbitMQ, ELK)
Programming. Proficiency in object-oriented and multi-threaded programming in at least one of the following languages : Golang, Java, C++, Python
Software design. Demonstrated expertise in applying systems patterns (e.g., Client-server, N-tier, Master / Slave, MVC) and API constructions (e.g., Swagger, OpenAPI)
Operating systems. Development and software management on Windows and Linux systems (e.g., CentOS, RHEL)
Security. Strong knowledge in security fundamentals: authentication / authorization frameworks (e.g., SSO, SAML, OAuth), secure transport (e.g., SSL, TLS), identity management (e.g., certificates, PKI), code signing
DevOps mindset and strong ownership over owned code (test, monitor, deploy, maintain)
Communication. Excellent oral and written communication skills
Team. Ability to value team success beyond personal contributions
Desired Skills / Experience
Open-source Scanning. Experience scanning open source software (OSS) and understanding flaw reports using component integration tools (e.g., Sonatype's Nexus, Veracode, Black Duck, Snyk)
SAST / DAST. Hands-on experience using or managing Static / Dynamic Application Security Testing tools (e.g., CheckMarx, Veracode, HP Fortify, Coverity, IBM AppScan, Parasoft, Klocwork, CodeSonar, Burp)
CI / CD. Experience with continuous integration and delivery tools (e.g., Jenkins, AWS CodePipeline, AWS CodeBuild)
Familiarity with source code management and version control systems (git, perforce)
Experience with code signing and build management tools (make, SCons, ant).
Hands-on experience with container technologies (e.g., Docker, Kubernetes)
A little about us
Salesforce, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way.
The company was founded on three disruptive ideas : a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model.
These founding principles have taken our company to great heights, including being named one of Forbes’s World’s Most Innovative Companies five years in a row and one of Fortune’s 100 Best Companies to Work For eight years in a row.
We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce.
Together, with our whole Ohana (Hawaiian for "family") made up of our employees, customers, partners and communities, we are working to improve the state of the world!