Software Engineering Architect - Secrets Team

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Trust is the #1 thing we value at Salesforce. Salesforce.com hosts web services and applications written by thousands of internal developers and tens of thousands of customers to provide the largest SaaS platform on the planet.
Our Security Software Engineering teams build and operate highly scalable, fault-tolerant, distributed systems to deliver cloud-scale security software services. We provide the fundamental building blocks to improve and preserve customer trust in Salesforce's products across multiple public cloud substrates and our own private cloud infrastructure. We use many open source technologies, including Big Data, machine learning, no-SQL databases, containers, Kubernetes, Istio to architect and implement our services, to protect Salesforce products/infrastructure and defend against malicious attacks. Our products' extensive complexity requires our software engineers to be highly adaptive, leverage new technologies and methodologies and have the strong ability to deliver reliable software services under pressure. You will have the unique opportunity to work with the best security experts in the industry.

Some key investments in the Security Software Engineering org include:
Security Foundation Services:
Develop and deliver reliable and scalable foundational services. These key building blocks - like key and secret management systems, PKI (public key infrastructure), service-to-service authN/authZ and data encryption - enable the security of all other services and permit the protection of our customer data.
Identity and Access:
Design and implement consistent and scalable identity and access services for all of Salesforce, integrating our IT network, public cloud infrastructure, and our own data centers, and empowering all our engineers to operate these environments in a secure manner.
Threat Detection and Response Services:
Develop highly scalable, automatic and flexible defense system integrating extensive data collection, big data processing, machine learning detection, automatic response, and automatic mitigation across all our data centers, IT infrastructure and public cloud environments.
Threat and Vulnerability Management Engineering:
Design, development and implement scalable vulnerability management infrastructure for all of Salesforce, integration of diverse assets data within data centers, public cloud infrastructures, IT network, and provide threat / risk reporting.
Secure Software Development Lifecycle:
Under this umbrella, we design, build and deliver highly available, disaster proof, public cloud hosted services for the entire Salesforce developer community and increase the security of Salesforce's products. Just a few of these include Credentials Scanning as a Service (find secrets and credentials hidden in our source code), Container Scanning as a Service (ensure that the container images being deployed to different substrates are free of vulnerabilities), 3PP as a Service (ensure that we do not inherit a third party developer's security vulnerabilities), Static Code Analysis as a Service (ensure that Salesforce's own code is free of security Vulnerabilities). These projects are all targeted directly at the developer community and have various touch points including integration with various CI and SCM systems.
Continuous Security Monitoring (CSM):
CSM is a continuous process of evidence collection, comparison of evidence to a known standard, and flagging divergence thereby assuring operating effectiveness of security controls. This involves collecting bits of data from endpoints (we've worked with OSQuery and Tanium), pumping that into a data lake (Kafka endpoints with a Hadoop/Hbase over S3 storage), dockerized containers for the backend and job scheduling and finally working that data into Salesforce Objects for dashboards and analytics.
Network Security:
The Network Security Engineering team is building a new internal cloud platform for various network security controls and management. Our mission is to develop highly-available and performant distributed systems to provide security at the network level in our private and public clouds, including micro-segmentation, network policy distribution, access control at host/device level, distributed firewall and DDoS prevention. Our scope is a wide range of compute substrates, including bare metal hosts, VMs, and containers.

In the role of Software Architect for Secrets Management, you will lead the architecture roadmap for Salesforce's secrets management solution, be authoritative on the soundness and tradeoffs for the team's technical decisions, be a significant evangelist for the latest, most relevant technologies and security engineering standard processes, and mentor leaders of the teams that define and implement secure software, tools, and processes to run our distributed services that span all current and future Salesforce clouds. You will lead multiple initiatives in parallel including but not limited to setting the standard on scalability, availability and latency response of the services our team owns, identifying components that need refactoring and laying out the technical path along with pros and cons and effort estimates, guiding team members to drive service adoption across all the public cloud substrates and our own private cloud infrastructure, and other exciting large-scale initiatives.

Primary Responsibilities:

• Experience and passion for service ownership, building scalable, reliable/self-healing services.
• Lead architecture roadmap for IAC (Infrastructure as Code) on public cloud
• Lead architecture and design for public cloud security services specially in public cloud
• Lead architecture roadmap for foundation security services
• Security and privacy primitives including understanding of cryptography concepts.
• Follow trends in technology and apply new security approaches for device-identity, authentication, attestation, key-storage, and management.
• Prototype new features that will enable and secure both real-time and non-realtime peer-to-peer communication over heterogeneous networks.

Qualifications:

• Ph.D. or Masters in Computer Science, Electrical Engineering, or equivalent
• 10+ years of hand-on experience working in a security-focused role in the technology or other technology-heavy industry.
• 5+ years experience in development in public cloud environments
• Experience with IAC (Infrastructure as Code)
• Experience with public cloud security services
• Experience with container technologies (e.g., Docker, Kubernetes)
• Experience with cloud computing architectures and the associated security designs and challenges
• Hands-on experience and active coding skills using at least one of Golang, Java, C#, Python, Rust, C/C++
• Experience with the Secrets Management space, PKI/X509 and OWASP
• Knowledge working with non-relational and relational databases including AWS DynamoDB, Cassandra and Postgres
• Familiar with open source technologies (prior experience with Hashicorp Vault is a plus)
• Experience with big data and pipeline technologies, such as Hadoop, Kafka
• Good knowledge with operating systems (Linux, Mac, and Windows) and associated shell scripting
• Good knowledge with network technologies, such as TCP/IP, DNS or load balancers
• Experience at Scrum or other agile development methodologies, with attention to code quality, delivering secure code.
• Skilled in implementing secure modern Identity and Access Management (IAM)
• In-depth knowledge of common application and infrastructure security vulnerabilities and mitigations
• Experience implementing zero trust security models
• Strong cross-functional leadership and team building skills
• Experience engaging with customers regarding security
• Excellent verbal and written communication skills

Salesforce, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way. We are the fastest growing of the top 10 enterprise software companies, the World's Most Innovative Company according to Forbes, and one of Fortune's 100 Best Companies to Work For six years running. The growth, innovation, and Aloha spirit of Salesforce are driven by our incredible employees who thrive on delivering success for our customers while also finding time to give back through our 1/1/1 model, which leverages 1% of our time, equity, and product to improve communities around the world. Salesforce is a team sport, and we play to win. Join us!

*LI-Y

If you require assistance due to a disability applying for open positions please submit a request via this .

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

and are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. and do not accept unsolicited headhunter and agency resumes. and will not pay any third-party agency or company that does not have a signed agreement with or .

Salesforce welcomes all.