Mergers & Acquisitions Security Lead

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Job Details

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

Trust and security are Salesforce's number one value. We have built a mergers & acquisitions security integration team that is responsible for ensuring the security uplift of all Salesforce acquisitions. The Mergers & Acquisitions Security Lead will work with potential acquisition targets and completed acquisitions to threat model their environment, uncover risks, identify and track mitigations, and transition the acquisition to other security teams for long-term integration ownership.

We are looking for an individual contributor that wants to leverage their deep product security, penetration testing, development, operations, and infrastructure skills in a fast-paced and elite security environment. You are right for this job if you possess the unique skillset of product / infrastructure security testing skills partnered with excellent executive presence and communication. You will work with Salesforce and acquisition leadership and engineering teams to ensure product and infrastructure are secure. The work involved will be focused largely on product and infrastructure design and assessment, code review, threat modeling, assisting acquisition engineering teams integrating to Salesforce standards, and assisting acquisition engineering teams remediating issues uncovered during testing, among others.

Our ideal candidate has held a range of product security roles, has experience understanding business drivers and presenting to executive audiences, possesses strong written and verbal communication skills, creatively applies their technical acumen to a wide breadth of offensive and defensive security scenarios, is comfortable managing through ambiguity, and loves to get things done with an owner and driver mindset. If you like wearing multiple hats, knocking down doors to peek into dark corners to uncover security tech debt, developing plans to remediate risk, constantly learning about new and cutting edge technologies, and working with a team of passionate and kind security experts, this is the perfect role for you.

Salesforce makes multiple acquisitions per year, and each acquisition represents the unknown, ensuring engaging and exciting work that will challenge you technically and provide great opportunities to grow your professional skill set.

Travel: ~20%

YOUR IMPACT - RESPONSIBILITIES
As the M&A Security Lead Engineer, you are responsible for:

• Leading and conducting security diligence exercises for potential acquisition targets, including:
• Creating threat model of the target environment;
• Leading a team of security engineers in penetration testing and security review of target source code, infrastructure, cloud accounts, and other assets;
• Crafting and leading security-focused interviews with acquisition leadership and security resources;
• Requesting and analyzing supplemental information to build a full picture of a target's security posture and areas of weakness;
• Identifying potential areas of risk and assessing their potential impact to Salesforce upon acquisition;
• Modeling out the potential real and opportunity costs of security debt on overall business priorities and deal models;
• Updating leadership and executives on status, findings, and potential risks throughout the exercise;
• Escalating critical areas of risk to acquisition and Salesforce leadership; and
• Using diligence information to craft preliminary integration plans.
  • Leading security integrations of acquired companies, including:
    • Using information discovered during diligence to craft detailed integration plans to drive the resolution of identified security debt
    • Prioritizing work items in accordance with risk;
    • Negotiating with work teams to estimate associated effort and ensure committed timelines for development and required work;
    • Taking ownership for key milestones where possible and delegating or influencing partner engineering teams where not;
    • Keeping pulse on remediation progress, working to resolve blockers, escalate risks, and generally drive a fast pace of integration work; and
    • Preparing acquired products for handoff to the wider Security team.
  • Developing thought leadership for the M&A team and wider Security team, including:
    • Deeply understanding associated technical products and tooling that could enhance our M&A integration processes, identifying tooling gaps, assessing potential solutions, and generally advising the wider Security team on use, implementation, and evolution;
    • Developing deep expertise in Salesforce security domains, how to apply them to various types of acquisitions, how to more efficiently work with team members to drive integration efficiency, and generally advising the wider Security team on implementation and evolution;
    • Upleveling testing, integration, and technical application of security across Salesforce and acquisition environments.

REQUIRED QUALIFICATIONS

• Bachelor's Degree in Computer Science, Engineering, or related technical field, or equivalent experience in technical leadership.
• 6+ years of experience in security testing, engineering, or technical assurance across applications, products, and infrastructure.
• Experience with threat modeling SaaS product and infrastructure.
• Strong IaaS security skills, with a focus on AWS and/or GCP. Familiarity with Azure and OCI a plus.
• Experience with Linux systems engineering/operations; Understanding of Microsoft Windows Server/AD deployment.
• Strong scripting/development skills (Python, Go, Ruby, Java, Node, etc).
• Deep knowledge of secure software development lifecycle; knowledge of CI/CD best practices.
• Experience architecting, deploying, and maintaining security controls.
• Experience performing code and infrastructure design reviews; experience fuzzing applications and protocols; assembly/exploit development experience.
• Experience with multiple static and dynamic code analysis tools.
• Experience in infrastructure vulnerability assessments and remediation; bug bounty awards or CVEs.
• Excellent problem-solving, analytical, and communication skills. Must have experience explaining technical security concepts to non-technical and technical audiences.
• Contributions to the community (open source, presentations, volunteering, etc).
• Bachelors' degree in an associated field (e.g. Information Technology, Computer Science, etc.) and/or advanced industry certifications (e.g. CISSP, CEH, CRISC, OCSP, CompTIA Security+, etc.)

PREFERRED QUALIFICATIONS

• Experience with mergers and acquisitions security integrations at a large technology enterprise.
• Familiarity with testing and developing security controls for multi-cloud infrastructure (e.g. AWS, GCP, Azure, OCI)
• Experience explaining technical security concepts to non-technical executive audiences.
• Strong understanding of business drivers and how security risks may or may not impact corporate business plans.
• Advanced degree in associated field (e.g. Information Technology, Computer Science, etc.)
• Multiple certifications and/or professional industry affiliations

Unleash Your Potential

When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future - but to redefine what's possible - for yourself, for AI, and the world.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.