Cybersecurity Architect - Salesforce Security

DescriptionWe are seeking a Cybersecurity Architect - Salesforce Security as part of our top-tier team, to help our Salesforce developers and operations team build secure solutions. You will develop Apex, Lightning, and MuleSoft code and architecture diagrams to demonstrate best-practice solutions to security challenges in a Salesforce environment. You will provide opinionated analyses of various Salesforce- platform options for secrets storage, authentication, API integration, web frontend components, data analysis, and setup. You will help secure the platform, including custom APIs, record and field access, external API integrations, MuleSoft integrations, and secure data access for external teams. You will help evaluate new vendors for the Salesforce team both for business fit and security.This role is highly collaborative and involves participating in regular meetings with both the Salesforce and Information Security teams: while a member of the Information Security team, you will regularly “embed” with the Salesforce team. This role will facilitate collaboration between these two teams in building secure solutions involving the Salesforce platform/SFDC. This role will also involve frequent collaboration with other teams both inside and outside Robert Half who produce or consume information used by the platform.Build best-practice solutions to problems involving Salesforce platform-native tools (like managed credentials, protected custom settings and managed packages) as well as third-party tools like AWS Secrets Manager, MuleSoft, and AppOmni, and in-house developed toolsDevelop solutions – both architecture and code, both on SFDC and in other connected environments – that reduce risk and are developed effectively and efficientlyBe a bidirectional communication link between the Salesforce team at Robert Half and the Information Security team at Robert Half, both as part of your normal work and especially during incident response scenariosBecome an expert in the business logic of various teams’ applications and make recommendations specific to their use case and their needsEvaluate vendors, products, and procedures for technical risks, using tools such as BURP/ZAP (DAST), AppOmni, and Semgrep/Checkmarx (SAST)Embed within Salesforce development or architecture teams on a long-term basisEducate the Salesforce team on Information Security concerns, best practices, state-of-the-art, and vice-versaCollaborate with teams that manage existing Salesforce operations to help improve visibility and accountability around Salesforce logging, monitoring, and alertingDevelop custom Salesforce integrations with SaaS security tools, IAM tools, and logging tools that the Information Security team can use to address security concerns or incidentsStay up-to-date with Salesforce releases and security best practicesGuide the Information Security department when it creates policies relevant to Salesforce for governance, baseline standards, security posture, and incident responseHelp with other Information Security, and particularly Application Security, needs as time permitsRequirementsCombined 5+ years senior-level experience with Salesforce and security architecture/engineering experienceBachelor's degree in related field or equivalent experienceDeep knowledge of the Salesforce platform and development lifecycleA demonstrated history of building production applications with leading Salesforce development teamsExperience in related cloud infrastructure (AWS preferred) and API integrations with SalesforceExperience with MuleSoft, Java, and associated configurationExperience working with services and vendors that support Salesforce development and operation such as MuleSoft, Odaseva, Splunk, AppOmni, Jenkins, Heroku, etc.Experience working with teams to gather requirements and develop softwareSalesforce and/or Information Security-focused certifications a plus (CISSP, CISA, CCSP, CEH, AWS, etc.)Experience with securing cloud-based technology deployments and service offerings that span Salesforce and other cloud service offeringsSolid expertise with multiple Salesforce code paradigms, to include: Apex, Lightning Web Components, Javascript (AngularJS), and Marketing CloudAbility to communicate in-depth business processes to technical resourcesWorking knowledge and direct experience managing complex security issuesAbility to gather, combine and document requirements effectively to propose secure solutionsAbility to create thorough and complex documentation and facilitate, conduct meetings, gather information and present statusAbility to think independently and in team setting to ensure security issues are addressed in a manner consistent with security principles in mindJob typePerm