Evaluates application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms in Sales Force environment.
* Supports the development of security procedures and methods to ensure the safety of information systems and to protect the system from intentional (unauthorized) or accidental (inadvertent) access or destruction.
* Maintain Salesforce software in relation to security
* Document security processes and manage team access to environments.
* Serves as a liaison between development teams and stakeholders to understand and formulate security requirements for project/program.
* Source and implement new Salesforce security solutions to better protect the client liaise with vendors to implement security solutions
* Explains and demonstrates vulnerabilities to application owners and provide recommendations for mitigation.
* Identify current and emerging technology issues including security trends, vulnerabilities and threats
* Identifies additional application security related tools, conducts tool analysis, and provided recommendations.
* Complete client data protection assessments.
* Trains developers and other relevant team members on Secure Code Development as well as other security protocols as needed.
Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience.
Relevant Work Experience:
5-10 years of experience as an Application Security Developer, Application Security Analyst, or equivalent.
Other Job Specific Skills
*Expertise with Sales Force environment .
*In-depth knowledge of and experience with security technologies, single-sign-on and identity management technologies.
*Expertise with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP.
*Knowledge of web application vulnerabilities such as cross-site scripting (XSS), sessions hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
*Hands-on experience with encryption, hashing, secure random number generation, key derivation, digital signatures, etc.
*Knowledge of network based, system level and application layer attacks and mitigation methods, and TCP/IP, HTTP/S, and related protocols.
*Experience with static code analysis tools including HP Fortify.
*Experience working with apex source code.
*Must have solid working experience and knowledge of Unix/Linux operating system.
*Understanding of Agile/Scrum methodologies is preferred.