Location: San Francisco, CA
Are you interested in building an enterprise scale automated vulnerability assessment program which collects vulnerability data from hundreds of thousands of hosts across the stack and turns it into meaningful actionable security intelligence? If so this position is for you. As Director of Vulnerability Assessment and Intelligence you will be responsible for developing and managing a high quality vulnerability management program that provides comprehensive vulnerability collection, assessment, triage and response capabilities at scale across Salesforce and acquisitions. You will build meaningful relationships with teams and management in many Salesforce business units and drive meaningful security posture improvement through accurate/honest vulnerability metrics reporting in a pull based model. You will be the all seeing eye which knows the entirety of our attack surface and its past, present and future security posture.
Understand the current vulnerability management program, tools, technology and team.
Develop plans with executive management to enhance the current vulnerability management program.
Expand vulnerability assessment coverage breadth to new business units.
Expand vulnerability assessment coverage depth by adding new tooling to the vulnerability management portfolio.
Develop a centralized data consolidation and analysis system for all vulnerability data.
Develop a communication plan for vulnerability data leveraging a pull based model.
Work with management to develop long term strategy, annual plan and tactical plan for the vulnerability assessment and intelligence program.
Develop and contribute novel vulnerability management tools and software and contribute to open source.
Build a world class team of vulnerability assessment engineers and vulnerability assessment and triage experts.
BS/MS degree, or relevant work experience
Experience with common vulnerability management tooling at scale
Experience managing a small team of six to ten engineers
Experience developing strategic and tactical team plans
Experience working with executive management
Infrastructure and application level vulnerability assessment and pen testing experience
Expert knowledge in computer and network security
Extensive knowledge of the OWASP Top 10 and CWE Top 25
Desired Skills and Credentials:
Ability to self motivate when given strategic goals
Excellent organizational and communication skills
Ability to get things done in large organizations
Ability to recruit talent and build great teams
Experience managing sizeable infrastructure deployments
Experience managing and developing open source software and tooling
Experience in software development, Java, Perl, Python, Ruby, etc….
Information security certifications, GPEN, OSCP, OSCE, OSWE, CEH, CISSP
Salesforce, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes’s “World’s Most Innovative Company” five years in a row and one of Fortune’s “100 Best Companies to Work For” eight years in a row. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana (Hawaiian for "family") made up of our employees, customers, partners and communities, we are working to improve the state of the world.
Keywords: developer, ruby, sinatra, database, security, vulnerability, penetration test, Qualys, Qualysguard, Nessus, Tenable, Tripwire, Invincea, nCircle, 0-Day, Pentest, nexpose
How to Apply
Apply using the job link: http://careers.force.com/jobs/apex/ts2__JobDetails?jobId=a1k70000003Fq8EAAS OR email James Sale at firstname.lastname@example.org