Job Category: Software Engineering
About Salesforce: We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.
About Us: The Product Security Tooling team fortifies Slack’s security posture by developing and maintaining automated solutions that reduce the product’s attack surface. We build systems that identify security risks and enable risk owners to remediate them at scale. We work closely with Slack engineers to ensure that they have a frictionless and integrated developer experience with innovative security tools. We proactively find opportunities to reduce manual workflows in security processes and build automation to address bottlenecks.
The Team Has Two Major Workstreams:
- Vulnerability Management
- Security Tooling
What You Will Be Doing:
- Be one of the lead engineers for the newly-formed Tools team with the ability to make a strong impact by automating our security processes.
- Unique opportunity to shape the team’s technical stack and product usage.
- Partner with Engineering and Technical Program Managers to create technical roadmaps. You will work to accomplish the team’s mission of build, buy, and operate internal and third-party security tooling at scale. Together, we will make results easily and programmatically accessible to the Slack Security and Engineering teams.
- Establish a technical baseline and expectations for how to standardize the operation of application security tooling at Slack.
- Develop key performance indicators around vulnerabilities, triage, and security controls.
- Lead, mentor, and guide team members through the software development and operation lifecycles.
- Partner with people leader stakeholders to help influence change and promote cross-functional communication.
- Mentor and grow other engineers by providing thoughtful feedback during all phases of the development lifecycle.
- Communicate risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns.
- Serve as a public representative for security at Slack by engaging in internal and external speaking engagements.
- Take an active role in driving security initiatives at Slack.
- Seek out opportunities to automate processes when appropriate.
What You Should Have:
- Bachelor’s degree in Computer Science, Computer Engineering, related technical field required, or equivalent practical experience.
- 7+ years of proven experience in software development.
- Strong expertise in software engineering best practices.
- Experience coding in an industry-standard language such as Python (preferred), Go, Java, C#, Ruby, PHP, C++, or JavaScript.
- Experience with Amazon Elastic Compute Cloud Resources.
- A passion for improving security, systems, and processes.
- Experience designing, operating, and delivering internal and third-party security services at scale.
- Ability to see the big picture and build out concise, comprehensive, yet realistic project plans.
- Experience working in a complex, matrixed organization involving cross-functional projects.
- Ability to balance short-term engineering tradeoffs with long-term investments.
- A track record of mentoring team members.
- Strong written and verbal communication skills, with high attention to detail.
- Ability to connect with emotional intelligence when delivering constructive feedback regarding security matters to engineers and product designers.
- Knowledge of common security vulnerabilities as published by OWASP, SANS, etc.
- Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc.) for security weaknesses and quality.
- Experience with containerized applications and their deployment, experience with secure software development, contributions to the security community (published research, blogging, public speaking, open source projects).