Salesforce is looking to add to our expanding infrastructure security team. To join this team, you'll need to have a passion for security, and love hands-on systems administration/automation. As a Senior Systems Security Engineer, you understand Unix/Linux or similar systems, have confidence in general networking knowledge, and have an interest in growing as a cyber security professional.
As a key member of our team, the Senior Systems Security Engineer will work on the 'front lines' of the Salesforce production environment, the largest SaaS platform on the planet, protecting our critical infrastructure and proactively defending our customers' data. The Sr. Systems Security Engineer is responsible for enhancing the security of our production systems, developing the tools to help us maintain and report on our security posture, ensuring that we maintain our external security certifications, and deploying and maintaining the security systems in our production data centers.
Management/Review of systems host security configurations
System vulnerability assessments and remediation, including the assessment/deployment of vendor security updates
Support ongoing and new security/compliance initiatives
Security incident response in coordination with other teams across the company and/or externally as required
Deploy and manage system security, remote access, and authentication systems
Design and development of tools to automate security or security reporting tasks
Demonstrated understanding of general Unix/Linux systems administration (Or similar, e.g. Ubuntu, Solaris, etc.)
Knowledge of host-based security
Working knowledge of standard Unix infrastructure tools/protocols. (DHCP, DNS, NTP, SYSLOG, SSH, IPSec etc.)
Familiarity with OSI model.
Basic cross-functional understanding of network engineering concepts and protocols (e.g., TCP, UDP, SSL, VLAN, etc.)
Experience with production and customer-facing data center environments
Experience with writing scripts and automation (Perl, C, Shell, Python etc)
Familiarity with Linux authentication and authorization methodologies, such as Kerberos, LDAP, NIS, Sudo, etc.
PKI and Key Management work, such as having created CSR's, adding certificates to web servers, understanding of PKI and key management, knowledge of HSMs, etc.
Experience undergoing audit and implementing new controls specific to with Government standards including FedRamp, DOD SRG, PCI, SOC, ISO
Host-based firewall security experience (access control list (ACL) management., secure remote management practices, IDS, etc
Host-based security to include HIDS/HIPS, system auditing frameworks, etc.
Configuration management with open-source tools, such as puppet, chef, salt, or ansible
Working in high-availability, 24x7x365 large-scale multi-data center environment
TACACS+, RADIUS, multifactor authentication systems (SecurID, YubiKey, etc.)
Cloud Infrastructure Experience SaaS
Securing multi-tiered applications
Strong communication skills
Security based credentials highly desired (SSCP, GIAC GCUX, GSEC, GCED,GCIH,GCIA, etc)
BS/BA degree, or equivalent work experience