Buenos Aires, Buenos AiresJob Category Products and Technology Job Details
Our team conducts technical security testing, performs risk assessments, and provides business risk guidance on a wide variety of infrastructure technologies related to our vendors and the design and operation of ODCs. Our scope includes endpoints (laptops/thin clients), networks (wired, wireless, cloud), applications (endpoint, mobile, web, cloud), and physical security.
This role is for a security engineer who will lead projects, document the roles and access of our vendors, provide security guidance, and maintain a technical skillset in a diverse and changing enterprise environment.Primary Responsibilities:
Document and keep current; roles, access levels, and key risk indicators on our vendors
Define and develop technical security standards, policies and guidelines in collaboration with other security staff
Lead key security projects and drive business partners to effective security outcomes
Evaluate and assess security controls in a complex, heterogeneous enterprise computing environment to ensure appropriate defense-in-depth
Perform onsite technical security testing on a wide range of systems, devices, networks and applications and produce security risk guidance based on the results (75%)
Recommend improvements in security systems, procedures and processes based on industry best practices and innovative thinking
Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts
Required Skills & Qualifications:
Bachelor’s degree (B.S.) in computer science or related field, or Bachelor’s degree (B.A.) and equivalent work experience
3-5 years experience in the field of information security in at least three of the following areas: application whitelisting, security engineering, incident handling, penetration testing, intrusion detection, firewall\access control technologies, risk management, identity management, Windows or Unix security, encryption technologies, or endpoint security controls
CISSP (Certified Information System Security Professional) or the GSEC (GIAC Security Essentials Certification) from the SANS Institute
Experience providing advice and consultancy to internal customers on risk assessment, threat modeling and remediating vulnerabilities
Excellent analytical skills, organizational skills, ingenuity and the ability to work as part of a team
Ability to perform computer and/or network security vulnerability assessments to identify, evaluate and mitigate security risks, threats and vulnerabilities.
Excellent communication skills with a track record of partnering with a diverse set of business units to achieve security success
Proven project management and organizational skills, specifically managing multiple concurrent projects
Experience working knowledge of Linux, Windows and Mac OS X operating systems
Bonus points:
Advanced interpersonal skills to effectively promote ideas and collaboration at the various levels of a large, global fortune 500 organization
Experience using key security tools such as Burp, Nexpose, Nessus, Metasploit Nmap (Proxies, Port Scanners, Vulnerability Scanners, Exploit Frameworks)
Experience writing security white papers and/or presenting at industry security conferences and events
Any of the following certifications a plus: GIAC (various), OSCP, OSWP, Security+, ITIL.
Posting Statement
Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay fees to any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.
