Practices Senior Director - Technical Security Assessment Leader

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts. Job Category Customer Success Job Details About Salesforce Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all. Ready to level-up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce. Bring Your Security Mindset to the World’s #1 CRM. We are building a dedicated Salesforce Security Practice and looking for a Senior Security Architect to join as a Founding Member. We are looking for a true security practitioner—someone who understands the DNA of Cloud, SaaS, and full-stack Application Security. You bring deep expertise in Incident Response, Threat Modeling, and Infrastructure Security; we will teach you the Salesforce platform. This is a unique opportunity to cross-train into a high-demand ecosystem while applying rigorous security standards to the top 1,000 enterprise environments. This will be a customer-facing role to help our customers understand and uplift their last-mile security obligations.Key Responsibilities 1. Strategic Advisory Synthesize information from the industry regarding potential attack vectors and proactively advise on related security controls impacting SAAS apps. Supply Chain Risk: Advise customers on securing their Salesforce environment across the digital supply chain, identifying risks in third-party integrations, AppExchange packages, and connected middleware. Standards Definition: Define technical security standards and Gold Standard implementation guides to ensure consistent quality across the practice. 2. Architecture, Assessment & Testing Full-Stack Assessments: Lead architecture reviews, code reviews, and penetration tests across diverse environments (Web Apps, SaaS, and Mobile). Threat Modeling: Conduct workshops to identify design flaws and develop mitigation techniques that balance strict security requirements with business agility. 3. DevSecOps & Engineering Secure SDLC: Collaborate with engineering teams to shift security left, integrating automated security scanning (SAST/DAST) into CI/CD pipelines. Automation: Develop automated tooling (scripts, scanners) to identify vulnerabilities and solve security problems at scale. Identity Architecture: Design robust authentication and authorization flows using modern protocols (SAML, OAuth, OIDC) to secure access to the platform. Required Experience: 10 Years of experience in a dedicated security role (Security Engineering, AppSec, Incident Response, or Red/Blue Teaming). Assessment Tooling: Proficiency with standard security assessment tools such as BurpSuite, Nexpose, Nessus, Metasploit, or Nmap. Code Review: Experience performing manual and tool-assisted code reviews in Java, JavaScript, Python, or similar languages. Cloud Fluency: Hands-on experience securing and testing public cloud environments (AWS, Azure, GCP) and understanding the Shared Responsibility Model. Prior Big-4 or relevant customer facing consulting experience is a plus. Technical Skills: Protocols: Deep knowledge of network security models, encryption standards (PKI, TLS), and identity protocols (SAML, OAuth, Kerberos). Exploit Mitigation: Familiarity with OWASP Top 10 vulnerabilities and modern defense techniques. Certifications (Candidates should possess one or more of the following): CISSP (Certified Information Systems Security Professional) – Demonstrates senior-level architectural breadth. CCSP (Certified Cloud Security ... (truncated, view full listing at source)