This website uses cookies to ensure you get the best experience. Learn more

Senior/Lead Penetration Tester

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job CategoryProducts and TechnologyJob Details


We are looking for a seasoned security engineer that wants to leverage their existing penetration testing, offensive security, DevSecOps, and/or infrastructure engineering skills within a dynamic and fast-moving cloud environment. The work will focus primarily on full stack infrastructure security and product security assessments and will include conducting deep dive pentest engagements across multiple clouds, acquisitions, and first-party and public cloud environments; performing code review, threat modeling, assisting the engineering teams of acquisitions integrate with Salesforce standards, and assisting acquisition engineering teams remediate issues uncovered during security testing.


  • Role: Offensive Security/Pentester

  • Level: Senior or Lead

  • Location(s): Bellevue, WA / Bay Area, CA / US / Remote

  • Perform grey and white box penetration testing; leverage code review skills to identify vulnerabilities and test internally-developed systems and network automation tools, as well as third-party vendor solutions

  • Provide security guidance and input to engineering and operational teams during design review and threat modeling

  • Develop secure coding practices and recommend technical mitigations for systems and network-focused development teams

  • Develop hardening guidelines and review security configurations

Technical Skills:

  • Experience in infrastructure vulnerability assessments and remediation

  • Experience with static and dynamic code analysis

  • Experience threat modeling SaaS products, cloud infrastructure, RESTful microservices, etc

  • Strong IaaS security skills, with a focus on AWS, Azure, GCP

  • Strong scripting/development skills (ex: Python, Go, Ruby, Java, JavaScript, etc)

  • Experience fuzzing applications and protocols

  • Track record of bug bounty awards and/or CVEs

  • Knowledge of secure software development lifecycle

  • Experience performing code and infrastructure design reviews

  • Familiarity with building, deploying, maintaining security controls

  • Proficiency in Linux systems engineering/operations

  • Understanding of Microsoft Windows Server/AD deployments

  • Assembly/exploit development experience

The Ideal Candidate:

  • Thinks like an attacker

  • Some way, somehow finds a way to “get it done”

  • Active within the security community

  • Has presented/published interesting bugs or CVEs

  • Full stack pentester (80% infra / 20% web app)

  • Code review experience

  • Knowledge of securing infrastructure on one or more cloud providers (AWS, GCP, Azure)

  • Demonstrable history of build and deploy within a dynamic enterprise cloud environment

  • Deep engineering, SecDevOps, and/or pentest experience in a public cloud environment

  • Strong IAM experience

  • Design review experience

  • Proficiency in one or more scripting languages

Accommodations - If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits. are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability do not accept unsolicited headhunter and agency will not pay any third-party agency or company that does not have a signed agreement or

Salesforce welcomes all.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

Apply Now

Share this