M+E Technology Job Board

Lead Security Engineer


This role is part of the IT Security Team at Salesforce. The ideal candidate has proven leadership and communication skills with an extensive background in cybersecurity.

Job Description
As a Lead Information Security Engineer, you will be responsible for IT security solutions, incident response, and vulnerability assessments/remediation for the organization. You will also assist in creating security standards within the security team and lead security architectural designs, with a focus on network and event management, to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently and to meet business objectives and regulatory requirements.

IT Security

  • Responsible for bringing together key security and risk stakeholders to develop and review enterprise IT security and risk strategies.
  • Assist in drafting and proposing company-wide IT security strategy and action plans based on security risk and on analysis of potential and emerging threats to the business.
  • Develop and direct technical teams in the investigation and resolution of complex security problems.
  • Recommend actions in support of the company’s wider risk management program.
  • Manage technologies to support information and security requirements as the team builds and supports security systems and infrastructure.
  • Strong knowledge and experience in various IT verticals, such as www, networking, OS systems, identity management, privacy, etc.

Technical Program Management and Delivery

  • Develop short- and long-term security value and project objectives that align with business goals and create justification to executive management.
  • Understand how to deliver security to the business often, early, and in rapid succession, mapping security projects to direct business value in repeated, iterative cycles via Agile methodology.
  • Deep knowledge of how to provide transparency and measurement to security initiatives and projects at all times, via tooling, process, and dashboard reporting.
  • Oversee multiple project timelines, deliverables, and information requests for all functions within IT Security Initiatives.

Qualifications / Experiences

  • BA/BS Computer Science, or relevant field OR 10+ years of IT work experience.
  • 6+ years practical experience designing and implementing enterprise IT security, specifically around network security, security event management, incident response, and vulnerability assessments.
  • Experience with design, implementation, and operation of enterprise vulnerability management systems, SIEMs, logging.
  • Experience in security process and enterprise organizational design and security-specific architecture methodologies, including application security.
  • Strong demonstrated knowledge of technologies including network, server, desktop, storage, and how security relates to the overall IT environment.
  • Strong conceptual thinking and communication skills – the ability to conceptualize complex business and technical requirements into comprehensible models and templates.
  • Excellent written and verbal communication skills with the ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • Strong business analysis skills, problem solving techniques, and follow-up.
  • Advanced knowledge in information security forensic analysis methodologies.
  • Team-oriented, with the ability to interface effectively with a broad range of people and roles, including vendors and IT and business personnel.
  • CISSP (Certified Information System Security Professional) or equivalent.
  • Certification and/or expert experience in a major operating system: Windows, Linux/Unix (any flavor), Mac OSX.
  • Expert knowledge in Perl, Python, PowerShell, and Java.
  • Expert knowledge in a breadth of security products and tooling.

Desired Skills/Experience:

  • Other current security certifications (such as CEH, CPT, GCIH, etc.).
  • Knowledge and understanding of ITIL.
  • Knowledge of regulatory issues such as SOX, PCI, HIPAA, FISMA.
  • Knowledge of cloud security management.
  • Deep knowledge of security standards and frameworks (such as ISO 17799).
  • Deep knowledge of application security, testing, and implementation of testing procedures, tooling, and architectures.