Cybersecurity Architect - Salesforce Security Job at Robert Half in San Ramon

We are seeking a Cybersecurity Architect - Salesforce Security as part of our top-tier team, to help our Salesforce developers and operations team build secure solutions. You will develop Apex, Lightning, and MuleSoft code and architecture diagrams to demonstrate best-practice solutions to security challenges in a Salesforce environment. You will provide opinionated analyses of various Salesforce- platform options for secrets storage, authentication, API integration, web frontend components, data analysis, and setup. You will help secure the platform, including custom APIs, record and field access, external API integrations, MuleSoft integrations, and secure data access for external teams. You will help evaluate new vendors for the Salesforce team both for business fit and security.

This role is highly collaborative and involves participating in regular meetings with both the Salesforce and Information Security teams: while a member of the Information Security team, you will regularly “embed” with the Salesforce team. This role will facilitate collaboration between these two teams in building secure solutions involving the Salesforce platform/SFDC. This role will also involve frequent collaboration with other teams both inside and outside Robert Half who produce or consume information used by the platform.

• Build best-practice solutions to problems involving Salesforce platform-native tools (like managed credentials, protected custom settings and managed packages) as well as third-party tools like AWS Secrets Manager, MuleSoft, and AppOmni, and in-house developed tools
• Develop solutions – both architecture and code, both on SFDC and in other connected environments – that reduce risk and are developed effectively and efficiently
• Be a bidirectional communication link between the Salesforce team at Robert Half and the Information Security team at Robert Half, both as part of your normal work and especially during incident response scenarios
• Become an expert in the business logic of various teams’ applications and make recommendations specific to their use case and their needs
• Evaluate vendors, products, and procedures for technical risks, using tools such as BURP/ZAP (DAST), AppOmni, and Semgrep/Checkmarx (SAST)
• Embed within Salesforce development or architecture teams on a long-term basis
• Educate the Salesforce team on Information Security concerns, best practices, state-of-the-art, and vice-versa
• Collaborate with teams that manage existing Salesforce operations to help improve visibility and accountability around Salesforce logging, monitoring, and alerting
• Develop custom Salesforce integrations with SaaS security tools, IAM tools, and logging tools that the Information Security team can use to address security concerns or incidents
• Stay up-to-date with Salesforce releases and security best practices
• Guide the Information Security department when it creates policies relevant to Salesforce for governance, baseline standards, security posture, and incident response
• Help with other Information Security, and particularly Application Security, needs as time permits

• Combined 5+ years senior-level experience with Salesforce and security architecture/engineering experience
• Bachelor's degree in related field or equivalent experience
• Deep knowledge of the Salesforce platform and development lifecycle
• A demonstrated history of building production applications with leading Salesforce development teams
• Experience in related cloud infrastructure (AWS preferred) and API integrations with Salesforce
• Experience with MuleSoft, Java, and associated configuration
• Experience working with services and vendors that support Salesforce development and operation such as MuleSoft, Odaseva, Splunk, AppOmni, Jenkins, Heroku, etc.
• Experience working with teams to gather requirements and develop software
• Salesforce and/or Information Security-focused certifications a plus (CISSP, CISA, CCSP, CEH, AWS, etc.)
• Experience with securing cloud-based technology deployments and service offerings that span Salesforce and other cloud service offerings
• Solid expertise with multiple Salesforce code paradigms, to include: Apex, Lightning Web Components, Javascript (AngularJS), and Marketing Cloud
• Ability to communicate in-depth business processes to technical resources
• Working knowledge and direct experience managing complex security issues
• Ability to gather, combine and document requirements effectively to propose secure solutions
• Ability to create thorough and complex documentation and facilitate, conduct meetings, gather information and present status
• Ability to think independently and in team setting to ensure security issues are addressed in a manner consistent with security principles in mind