Lead Engineer - Java Security - Core Platform

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Software Engineering

Job Details

About Salesforce

We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.

Overview of the Role 

Core Platform team designs, develops and delivers core runtime technologies that power Salesforce architecture; improve site latencies, scalability and overall customer experience across our multi-tenant services.  All our services are designed to be continuously delivered, delivered at scale, updated with zero downtime, in a rapidly evolving modern architecture.

In this role, you will champion secure Java runtime for hundreds of Salesforce services. Your focus will be on building a scalable and secure foundation, empowering developers to design and implement secure applications with ease.  With a keen eye for emerging security trends, you'll actively explore and experiment with new technologies. You'll be an agile adopter, swiftly integrating these advancements to enhance the security posture of Salesforce's services.

Responsibilities

Enhance Java platform’s default security posture by maintaining FIPS compliance,  Manage PKI infrastructure interaction, adopt the latest security protocols and mitigate XML External Entity attacks, denial of service, server side request forgery and other cybersecurity attack vectors.

Attend to customer security investigations, root cause the problem areas and enhance the platform to fix those issues.

Be Operationally agile by optimizing the processes and pipelines to deliver secure Java runtimes efficiently to Salesforce’s services.

Remediate Security Issues: Recommend and implement changes to address security vulnerabilities based on Salesforce security standards.

Work effectively with a globally distributed  team and other teams across Salesforce.

Required Qualifications

5+ years of hands on development experience in the JDK and application level security including but not limited to FIPS compliance, TLS, PKI.
5+ years of strong  Java programming language experience.
Experience in working with large scale software platforms and services.
Prior experience in triaging and fixing Java security vulnerabilities.

Preferred  qualifications
Prior active participation in the OpenJDK community.
Experience with agile software development, delivering software incrementally.
Ability to lead full software lifecycle from development to testing and production rollout of security features.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.

Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.

Salesforce welcomes all.