SVP, Workload Security
The Security Engineering and Operations team is looking for an executive leader to drive its Workload Security Program. We are looking for a technologist with deep expertise in security, building highly-scalable distributed systems, and running large globally-distributed organizations.
In the role, you will drive the strategic direction and execution plans for protecting all software and endpoints for Salesforce across all Salesforce business units. You will lead the design, engineering and operations for multiple critical areas, including asset management, threat and vulnerability management, software supply chain and SDLC security, SecOps tooling, security automation and email security.
You will establish the vision and guide the development and implementation of an elite asset management solution, supporting thousands of services and tens of millions of endpoints in our on-premise and public cloud environments.
You will scale out our secure software development lifecycle processes to drive highly automated and friction-free security checks across all phases of the software lifecycle (design, development, and runtime), including source code analysis, secret scanning, CVE detection and mitigation, container security, binary authorization, run-time security controls and more.
In partnership with architects and senior executive leaders from across security and business technology, you will drive the design and implementation of Salesforce zero trust architecture and technologies, and consistently set the standard on defense in depth, least-privilege access, deception technology, and intruder detection and mitigation tooling.
You will be responsible for recruiting and retaining the best security talent and growing your organization and its people. You will be working closely with senior executive leaders, security industry authorities, standards bodies and leading security partners.
- Lead the vision, drive the strategy and execution plan to build an elite software and endpoint security program at scale for the fastest growing enterprise cloud in the industry
- Partner with executives and peers across the company to deliver shared outcomes that measurably improve our efficacy and efficiency to protect our software, our system and, above all, our customers.
- Establish credibility as a trusted advisor to team members including customers, executives, peers, and employees
- Partner with industry-leading authorities to bring in innovative solutions in the software supply chain, secure development lifecycle, sensors and control points space, as well as give back to the security community
- Drive strategic partnerships and solutions alignment with vendors
- Build and lead an impactful distributed team of engineers, DevOps and ops in workload security.
- Champion and facilitate the professional growth and development of the Workload Security organization and lead effective multi-functional collaboration across groups within the organization
- Build interpersonal capability within your teams by recruiting and retaining outstanding talent and providing mentorship, training, and other opportunities for professional growth and development
- Streamline and deliver greater efficiency in the overall organization, both in software development and operational activities
- Build a best-in-class set of autonomous and highly-available platforms capable of performing security validation across millions of endpoints across on-premise and public clouds
- Maintain proven understanding of technology in the endpoint security, email security, asset management and secure software supply chain space, as well as operational standard processes in the secure software development lifecycle landscape
- Work effectively as part of a geographically distributed team
- Consistent track record in software development, including:
- Building large scale distributed systems and infrastructure platforms
- Experience in a high-availability 24/7 environment with a DevOps approach and strong ownership over services and processes.
- Leading development of backend, user interface and data pipelines.
- Creating effective security strategies and implementing security controls, especially in the software development lifecycle space.
- Experience building and leading entire security programs with company-wide impact
- In-depth knowledge of threat and vulnerability management tools and processes, software supply chain security and configuration posture management solutions for both cloud and on-prem scenarios and prior experience in vulnerability management and its related processes and procedures
- Ability to drive innovation in asset management, ETL, graph databases, CMDB.
- Consistent track record with security process automation, including OS and container lifecycle management, patching, 3rd party software updates.
- Experience with different compute fabrics such as Kubernetes, multiple cloud platforms (AWS, Azure, GCP, Alibaba).
- Deep knowledge in application and infrastructure security, as well as security fundamentals (IAM, Data Protection, PKI, Network Security)
- Experience leading large geo-distributed organizations (150+ people) with diverse functional abilities (engineering and operations).
- Deep understanding of common application vulnerability causes and mitigations.
- Experience working in high growth companies and the ability to identify and build new capabilities as the scaling needs arise
- A related technical degree required.
- Previous experience developing and operating an asset management solution for 500,000+ assets.
- Experience with endpoint security solutions and technologies such as CrowdStrike, Microsoft Defender, eBPF, application allowlisting, OS hardening.
- Experience implementing an end to end software supply chain solution for a large (10,000+ developers) organization.
- Developing API integration or ETL solutions.
- Experience with network (L3, L4) and application (L7) scanning.
- Understanding and familiarity with deception technologies such as honeypots.
- Familiarity with tools and processes for email security, especially in the Gmail ecosystem.
- Experience with secure posture management for multiple large public cloud deployments.
- Understanding of security compliance standards and regulations (e.g., ISO 27001, PCI, SOC, FISMA, FedRAMP, HIPAA, GDPR) and working with information security, IT audit, security risk and policy compliance.
- Previous experience working with government FedRAMP High, IL5 or IL6 environments and requirements.
- An active top secret classification is a plus.
If you require assistance due to a disability when applying for open positions, please submit a request via this Accommodations Request Form.
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.
Salesforce, Inc. and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce, Inc. and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce, Inc. and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesforce, Inc. or Salesforce.org.
Salesforce welcomes all.
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.