Synthesize information from the industry regarding potential attack vectors and proactively advise on related security controls impacting SaaS apps.
Advise customers on securing their Salesforce environment across the digital supply chain, identifying risks in third-party integrations, AppExchange packages, and connected middleware.
Define technical security standards and "Gold Standard" implementation guides to ensure consistent quality across the practice.
Lead architecture reviews, code reviews, and penetration tests across diverse environments (Web Apps, SaaS, and Mobile).
Conduct workshops to identify design flaws and develop mitigation techniques that balance strict security requirements with business agility.
Collaborate with engineering teams to "shift security left," integrating automated security scanning (SAST/DAST) into CI/CD pipelines.
Develop automated tooling (scripts, scanners) to identify vulnerabilities and solve security problems at scale.
Design robust authentication and authorization flows using modern protocols (SAML, OAuth, OIDC) to secure access to the platform.
Requirements
10+ Years of experience in a dedicated security role (Security Engineering, AppSec, Incident Response, or Red/Blue Teaming).
Proficiency with standard security assessment tools such as BurpSuite, Nexpose, Nessus, Metasploit, or Nmap.
Experience performing manual and tool-assisted code reviews in Java, JavaScript, Python, or similar languages.
Hands-on experience securing and testing public cloud environments (AWS, Azure, GCP) and understanding the Shared Responsibility Model.
Deep knowledge of network security models, encryption standards (PKI, TLS), and identity protocols (SAML, OAuth, Kerberos).
Familiarity with OWASP Top 10 vulnerabilities and modern defense techniques.
Certifications (Candidates should possess one or more of the following):
CISSP (Certified Information Systems Security Professional) – Demonstrates senior-level architectural breadth.
CCSP (Certified Cloud Security Professional) – Critical for understanding SaaS/PaaS security models.
OSCP (Offensive Security Certified Professional) or GPEN – Demonstrates hands-on "hacker mindset" and technical capability.
GWAPT (GIAC Web Application Penetration Tester)
CISM (Certified Information Security Manager)