Senior Director, Product Security

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Job Details

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

We are seeking a dedicated and seasoned security leader to build and lead our Product Security Advisors organization. This team serves as trusted technical security partners to our product engineering groups, with in-depth knowledge of the product architecture, features, and embedding security into every phase of the software lifecycle-architecture, design, deployment, and runtime operations.

The Senior Director will partner closely with the Business Information Security Officer (BISO) and lead a team of highly skilled technical security engineers. These engineers combine architectural review, hands-on testing, and threat analysis to identify risks early, influence secure design decisions, and drive accountability across product teams to remediate issues, in close collaboration with BISO's and other Security leaders, to ensure that high-risk areas are prioritized and effectively addressed.

This is a high-visibility leadership role that requires a mix of deep technical expertise, strong relationship-building skills, and proven experience leading security teams at scale.

As a strong leader, you will adeptly navigate complex discussions to influence product management and engineering roadmaps, guiding the development of features with a security-first mindset. You will champion the integration of security best practices throughout the development lifecycle. You will advocate for optimal design solutions sourced from the Product Security Advisors that harmonize business objectives with a Trust first mindset. When risks are identified, you will ensure awareness and alignment with BISO's stakeholders, holding leaders accountable for their remediation commitments.

If you are passionate about driving security excellence and have the expertise to lead a dynamic team, we invite you to join us in safeguarding our products and enhancing our security posture.

Impact - Responsibilities

Leadership & Strategy

• Build, scale, and lead the Product Security Advisors (PSA), ensuring close alignment with the broader Product Security and BISO organization

• Define and drive a forward-looking security advisory strategy that supports product engineering across multiple business units

• Set a clear vision for the PSA team, empowering them to influence architecture, design, deployment, and runtime security decisions

• Establish measurable outcomes and reporting frameworks to track program effectiveness, risk reduction, and overall impact

• Foster a culture of innovation, leveraging automation, agents, and streamlined processes to maximize efficiency and value

• Implement employee success strategies that drive high performance, accountability, and retention within the PSA team

Partnership with Engineering

• Serve as a trusted advisor to product and platform leadership, embedding with engineering teams to ensure a security-by-default approach

• Partner with Product BISOs and security teams to curate aligned, risk-based priorities across business units

• Influence product management and engineering to integrate risk remediation and security best practices into feature development and roadmaps

• Hold stakeholders accountable for delivering remediation commitments within agreed timelines

Risk Identification & Management

• Lead comprehensive risk assessments across architecture, design, deployment, and runtime phases

• Oversee technical reviews, threat modeling, code/design reviews, and hands-on testing to uncover and mitigate risks

• Analyze diverse risk signals and discovery data to prioritize security activities and inform the product security roadmap

• Guide the PSA team in evaluating trade-offs, recommending optimal solutions that balance security, functionality, and business objectives

Collaboration & Influence

• Partner with the BISO organization to align product risk management with regulatory, compliance, and customer obligations

• Collaborate with CSOC, SCCT, and other security teams to incorporate lessons learned from incidents into proactive controls

• Act as a security thought leader, representing Product Security Advisors in executive forums and, as needed, with external customers

• Rapidly adapt to new and emerging high-risk areas, effectively persuading stakeholders to pivot priorities where required

Minimum Qualifications

• Bachelor's degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience is required

• Exceptional communication, collaboration, and interpersonal skills with the ability to effectively communicate complex technical concepts to diverse audiences, including technical and non-technical leadership

• An attacker's mindset; consider abuse and attack paths as well as the defensive mindset to recommendations to prevent them

• A passion around improving the security development lifecycle and delivering security guidance to engineers in a language they understand

• Ability to work with data, identify trends and propose comprehensive mitigations that eradicate systemic security concerns

• Experience managing or participating in an information security program and improving or proposing improvements to a secure development lifecycle

• Threat modeling of security topics across infrastructure security & application security domains

• Understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements

• Exceptional writing and presentation skills

• Possess the ability to communicate concisely, clearly, and intelligently to partners and executives from a variety of backgrounds, including those who are non-technical

Preferred Qualifications

• Experience with client side/browser security features like same origin policy, CORS, CSP, shadow DOM, Web Components, web development frameworks etc.

• Experience with software development in one or more languages such as: JavaScript, Java, Python, Ruby, PHP, Go, TypeScript

• Some experience performing penetration testing or familiarity with the process

• 5+ years proven experience in the following areas in a security engineering or research role:

  • Securing products and infrastructure from the OWASP Top 10 and/or CWE Top 25

  • Exploiting web and web services security vulnerabilities such as cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, etc.

  • Public Cloud security architecture in one or more of the following: Amazon Web Services, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, etc.

Unleash Your Potential

When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future - but to redefine what's possible - for yourself, for AI, and the world.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.