Lead/Principal Engineer
Salesforce
Fully Remote
role reference:  wyw_#00546
Location: Fully Remote
Salary: Competitive salary
Contract: Full-time
Industry: Information Technology and Services
Hours: 37.5 - 37.5 Hours
  • PYTHON
  • Python (Programming Language)
  • JavaScript
  • Node.js
  • Salesforce
  • SECURITY ENGINEER
  • SOFTWARE ENGINEER
  • RUBY
  • GO
  • NODEJS
  • ELIXIR
  • CRYPTOGRAPHY
Description:

The PaaS Security Assurance team is responsible for the overall security of both internal and external Salesforce Platform as a Service offerings (Heroku, Mulesoft, internal offerings, PlatformDX, and more) and related infrastructure, and for compliance with established security policies.

We’re looking for dedicated security engineers to join the team: people who understand the needs of software engineering teams and of the business, public cloud and platforms, full stack security engineering, and the unique security challenges these present.

You will be supporting our engineers in creating the most trusted platforms and languages for app development, app delivery, and connectivity. We make ourselves available at every stage in the software development lifecycle, facilitating secure design choices without sacrificing the usability of our products.

You’ll work closely with our engineer customers to scope and implement platform and application security reviews throughout the development cycle, including architecture reviews and threat models, secure code reviews, and penetration testing. Creative security solutions are expected in order to enable our engineers to excel at what they do best.

The role is geared towards a Security Engineer who has experience with platform and application security testing, software engineering, and working in an agile engineering environment. We’re looking for someone who’s passionate about leading Platforms-as-a-Service and Software-as-a-Service offerings.

We are a diverse, 'remote first' team, with members in multiple global timezones.
 

Key responsibilities

  • Scope and perform application security reviews of our full stack: web applications, APIs, and platform architectures.

  • Provide our engineers with well-researched security advice to demonstrate vulnerabilities and provide secure development guidance.

  • Assist in the triage of vulnerabilities that are found internally, privately or publicly disclosed, or reported through our bug bounty program.

  • Produce research and collaborate with our peers in the broader information security and public cloud communities and industries.

  • Constantly challenge the assumptions made in existing security practices and routines, and update, replace, or automate them.

  • Write and promote secure development practices and further education for our engineers.

Key competencies

  • Experience with various open and closed security testing of applications.

  • Some experience with public cloud infrastructure security protections and weaknesses.

  • Able to work collaboratively across diverse engineering teams and products to meet organizational security goals.

  • Experience with performing threat modeling and manual secure code review.

  • Validated understanding of software engineering and architecture, web applications, Linux internals, HTTP, TLS.

  • Scripting skills (our primary languages are Ruby, Python, Go, Java, NodeJS, and Elixir, but we’ll happily speak to candidates with other language backgrounds.)

  • Grasp of practical cryptography usage, able to recommend the best approach for storage, transport and identity purposes, specifically in the realm of public cloud.

  • An offensive approach, with the ability to think through abuse and attack paths, as well as a defensive attitude for recommending ways to prevent them.

  • Hardworking, and quick to learn sophisticated systems and poorly-documented open source software.

  • Comfortable working with continuous integration/delivery and agile development teams.

  • Degree or equivalent relevant experience required. Experience will be evaluated based on the core competencies for the role (e.g. extracurricular leadership roles, military experience, volunteer roles, work experience, etc.)

Technologies

Strong candidates will have worked with some of these and/or similar technologies:

  • Application Security tools like Burp, OWASP ZAP, brakeman, and other DAST and SAST tools.

  • Linux, and preferably technologies like LXC, Docker, seccomp, grsecurity, etc.

  • A basic understanding of Amazon Web Services - VPC, IAM, KMS, EC2, S3, EBS, ELB, etc., or similar primitives is good to have.

  • Experience with security features in container and container orchestration technologies (LXC, Docker, Kubernetes) is preferred.

  • Languages - one or more of: Ruby, Python, Java, Go, Shell, JavaScript, both for performing code reviews and creating your own scripts and tooling (fuzzers, scanners, etc.).

  • Modern web technologies - Ember.js, Angular, React+Redux, GraphQL, Socket.io/Websockets.

  • Experience with building security automation is a big plus.

Flexibility:
  • Working Patterns: Flexi-Time, Full-time
  • Workplace: Remote or Mobile Working, Work From Home (WFH)
  • Life event: Career Breaks / Sabbatical, Shared Parental Leave
All rights reserved. © 2021 WorkYourWay