To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Products and Technology

Job Details

Director Software Engineering, Runtime Threat and Vulnerability Management

The Security Engineering and Operations organization is hiring a Director to lead the organization in charge with vulnerability detection in running applications and hardware.

The mission of the Runtime Threat and Vulnerability Management is to build highly-available and performant distributed systems, capable of continuously scrutinizing deployed applications, hardware devices and infrastructure substrate for threats and vulnerabilities.

Our dynamic vulnerability scope covers multiple functions including DAST scanning of applications, infrastructure vulnerability detection and continuous monitoring of public cloud posture. We also support a diverse ecosystem of resources, including millions of containers/VM/hardware devices, on-prem and public cloud infrastructure (AWS, Azure, GCP, Alibaba).

As an engineering leader, you will handle a geo-distributed organization of developers and devops engineers that is responsible for designing, implementing and running such innovative security platforms. You will be responsible for mentoring and growing a strong leadership team, and hiring and retaining the best management, development and security talent around. You will drive a progressive expansion to a premier runtime vulnerability management for the largest SaaS platform in the world.

Responsibilities

• Develop the program and product strategy for vulnerability detection and management for owned portfolio, in partnership with product management

• Drive vulnerability management integrations with Salesforce internal business partners, facilitating and uplifting security coverage

• Drive design and implementation of innovative distributed software platforms for continuous assessment of threats and vulnerabilities, risk and policy compliance across Salesforce software and hardware assets, in private and public clouds

• Drive integration of vendored solutions for vulnerability management in the Salesforce infrastructure and implement their control plane as fully-autonomous platforms

• Grow a culture of full-service ownership model following Agile methodologies with a keen attention to engineering and operational excellence

• Lead owned services in a 24/7 runtime environment, including driving investigations to resolution

• Hire, train and assess the performance of direct reports according to corporate policies and procedures

• Assist in the growth of employees through coaching, training and career development activities

• Interact with industry guides, vendors, partners, internal staff and auditors to bring in innovative solutions in the vulnerability management space, and contribute to the security community

• Work effectively as part of a geographically distributed team

Required Expertise

• Industry experience. 10+ years of experience in software development, including:

  • 5+ years experience in SaaS, PaaS or IaaS software development

  • 5+ years experience in a high-availability 24/7 environment (cloud platforms are a plus)

• Management experience. 3+ years of people management. Leading multi-functional teams (development, operations) is a strong plus.

• Program and product strategy. Demonstrated track of establishing visions for enterprise-wide programs/products and driving delivery using SMART OKRs.

• Platform development. Confirmed track of designing and delivering large-scale PaaS or IaaS systems, especially for public cloud providers (e.g., AWS, Azure, GCP). DevOps approach and strong ownership over owned code (test, monitor, deploy, maintain)

• Engineering excellence. Deep experience in operating with engineering excellence scrutiny, including setting engineering operational and functional metrics and continuously monitoring them to uplift your orgs practices.

• Agile. Prior experience leading teams using agile methodologies (Scrum, Kanban)

• Security awareness. Solid fundamentals in security basics (IAM, Data Protection, PKI, Network Security). Expertise implementing and operating vulnerability management solutions for applications and infrastructure is a plus.

Desired Skills/Experience

• Public Cloud. Experience in delivering solutions in public cloud platforms, such as AWS, GCP, Azure or Alibaba, and solid knowledge of the public cloud technologies.

• Distributed systems. Expertise in designing, implementing and operating autonomous and performant distributed systems at scale with high-availability (99.999%). Examples of such systems include:

  • Control, orchestration and automation platforms using containers or VMs

  • Storage solutions, in particular MySQL (e.g., Cassandra, MongoDB, Hadoop, Redis, Zookeeper)

  • Consensus and consistency frameworks (e.g., Paxos, Raft, eventual consistency)

  • Data-processing systems (e.g., Lambda architecture, Kafka, RabbitMQ, ELK)

  • RPC frameworks (e.g., Protobuf/gRPC, Thrift, Bond)

• Software design. Demonstrated expertise in applying systems patterns (e.g., Client-server, N-tier, primary/secondary, MVC) and API constructions (e.g., Swagger, OpenAPI)

• Vulnerability scanners. Experience operating or implementing endpoint vulnerability scanning systems, including vendors such as Tenable, Qualys, Rapid 7.

• DAST experience. Experience operating or implementing DAST techniques (web app scanning, fuzzing), including operating with tools such as WhiteHat, Burp, OWASP Zap, NMap.

• Government space experience. Prior experience in implementing and running systems under FedRAMP/FISMA, DoD IL requirements is desired.

• Certifications. Security based credentials (SSCP, GIAC GCUX, GSEC, GCED, GCIH, GCIA, etc) are a plus

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.

Salesforce welcomes all.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

Tableau helps people see and understand data. Our analytics platform fuels exploration, allowing you to quickly answer questions with data and share insights across your organization. Global enterprises, early-stage startups, nonprofits, and governments all use Tableaus intuitive software to quickly transform their data into actionable insights. We are passionate about our product and our mission and we are loyal to each other and our company. We value work/life balance, efficiency, simplicity, freakishly friendly customer service, and making a difference in the world!