Salesforce Jobs and Careers - Join the #SalesforceOhana
Senior Application Security Engineer
Information and Product Security
US - Massachusetts - Burlington

Title: Senior Application Security Engineer
Location: Burlington, MA 

Trust is the #1 company value at . Our Enterprise Security team contributes to the Trust of our customers and employees by securing the company's applications, vendor solutions, and infrastructure. We serve as security subject matter experts for sales, support, IT, etc. We also provide guidance and best practices on how to protect the company in today's rapidly evolving threat landscape.

Salesforce Commerce Cloud is seeking a Senior Application Security Engineer who will be responsible for contributing to the design, development and enforcement of application security controls, policies, and procedures. In this visible and important role you will verify and test application security standards to ensure that our platform, services, and applications meet and exceed the highest standards. If you enjoy analyzing the security of applications and services, discovering and addressing security issues, and quickly reacting to new threat scenarios, this position will provide you with a challenging opportunity. You will participate in security audits, risk analysis, vulnerability testing, and security reviews across all elements of eCommerce products. This position is located in Burlington, MA and reports to the Director of Security Engineering.


  • Have a deep understanding of and hands-on experience with secure software development practices, including threat modeling, secure design principles, secure coding, code analysis, security testing, etc.
  • Work with development teams to carry out application security reviews
  • Develop Java-based automated security tools that help scale our AppSec efforts
  • Provide expert advice and consultancy to software and platform engineering on risk assessment, threat modeling and fixing vulnerabilities
  • On occasion, design and implement security controls in the product
  • Lead app security projects to ensure timely completion of efforts
  • Ability to drive security into engineering’s SDLC to ensure that security is built in and considered
  • Support security policies and procedures
  • Perform automated scans using various commercial tools and triage and catalog the results
  • Participate in security compliance efforts (e.g. PCI DSS)
  • Participate in security operations support
  • Evaluate new and emerging security products and technologies
  • Collaborate with engineering, testing, and operations groups
  • Travel several times per year to conferences and other corporate locations


  • BS in Computer Science or equivalent
  • 4+ years of experience in application security and vulnerability testing / experience in working with commercial software development teams
  • 3+ years of deep application security experience: crypto, auth, TLS, OWASP top 10 vulns and mitigations
  • 3+ years of application design and development coding skills across a broad spectrum of technologies, including Java web stacks
  • Strong hands-on background with macOS and Linux environments, including security
  • Experience with automated security scanning tools (Checkmarx, Veracode, etc.)
  • Point of Sale security background is a plus
  • Knowledge of threat modeling or other risk identification techniques
  • Development experience in Java and Linux OS fundamentals
  • Familiarity with JIRA, Confluence, git
  • Knowledge of network and web related protocols
  • Experience with software-based services (SaaS)
  • Excellent written and verbal communication skills
  • Excellent teamwork skills
  • Results-oriented, high energy, self-motivated


Learn more about our Culture, Product, and Principles – Company Culture and FORTUNE's 100 Best Companies to Work For 8 years in a row!

About the Salesforce Commerce Cloud

Salesforce, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes’s “World’s Most Innovative Company” five years in a row and one of Fortune’s “100 Best Companies to Work For” eight years in a row. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana (Hawaiian for "family") made up of our employees, customers, partners and communities, we are working to improve the state of the world.

*LI-Y and are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. and do not accept unsolicited headhunter and agency resumes. and will not pay fees to any third-party agency or company that does not have a signed agreement with or
EEO - It's the law.

Accessibility – If you require accessibility assistance applying for open positions please contact the Recruiting Department.

Pay Transparency Policy Statement – The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.
