Enterprise Application Security Engineer (Cybersecurity)

TL;DR

Senior Enterprise Application Security Engineer (Cybersecurity): Performing full-stack security assessments across diverse enterprise environments with an accent on architecture and design reviews, code reviews, and penetration tests. Focus on threat modeling attacker methods, developing automated mitigation techniques, and integrating security into the development lifecycle.

Location: Onsite in San Francisco, California or Bellevue, Washington.

Company

hirify.global, a Salesforce company, focuses on securing its rapidly growing enterprise environment for its workforce.

What you will do

• Perform full-stack security assessments (architecture/design reviews, code reviews, penetration tests) across web applications, SaaS, OS/hardware, network infrastructure, authentication services, public cloud, and API services.
• Threat model common attacker methods to develop appropriate mitigation techniques.
• Develop automated processes and improve tooling to identify and solve security problems at scale.
• Collaborate with engineering teams and business partners to drive solutions through a secure development lifecycle.
• Define and develop technical security standards and guidelines.
• Research new technologies, emerging threats, and vulnerabilities for strategic planning and process improvements.

Requirements

• 2-4 years of experience in a security role with a focus on application and network security, penetration testing, security engineering, infrastructure engineering, threat modeling, red team operations, firewall/access control, risk management, or endpoint security.
• Knowledge of key security areas: common network security models/protocols, application security, integrity/confidentiality methods, OS internals/vulnerabilities, PKI, and exploit mitigation techniques.
• Hands-on experience performing security assessments with tools such as BurpSuite, Nexpose, Nessus, Metasploit, and Nmap.
• Experience performing manual and tool-assisted code reviews (Java, JavaScript, Python).
• Experience designing solutions and/or performing security assessments in cloud environments (AWS, Azure, Google Cloud).
• Excellent communication skills.

Nice to have

• Scripting experience in Bash, PowerShell, Python, Java, or JavaScript/Node.js.
• Security certifications such as OSCP, OSEP, GCIH, GCIA, GPEN, GWAPT, GMOB, GPPA, CCNP, CCNP Security, CCIE Security.
• Knowledge of development and security practices on the Salesforce platform, hirify.global, Slack, Mulesoft, and/or Tableau.

Culture & Benefits

• Partner closely with technology and business partners to scale enterprise security programs.
• Opportunity to identify emerging threats and design new processes.
• Be part of a team dedicated to making a positive impact and advancing your career in a dynamic environment.
• For roles in San Francisco and Los Angeles: Salesforce will consider for employment qualified applicants with arrest and conviction records pursuant to local Fair Chance Ordinances.