Security Engineer

Description:

Oliver James is seeking a highly skilled Salesforce Security Engineer to strengthen the security posture of their Salesforce platform while ensuring robust engineering and development practices. This role is ideal for a professional with a solid foundation in Salesforce development who has transitioned into the security space and thrives in modern DevSecOps environments.

The selected candidate will take ownership of embedding security into the Salesforce ecosystem, focusing on secure development, CI/CD pipeline protection, and proactive threat modelling. The role requires deep expertise in APEX development, API security, and the integration of security testing frameworks, ensuring Salesforce applications are developed and deployed following the highest security standards.

Key Responsibilities:

• Lead and enhance security engineering efforts for the Salesforce platform with a focus on APEX, APIs, and secure development lifecycle.

• Apply DSOMM and OWASP frameworks to evaluate and improve Salesforce security maturity.

• Manage and enhance CI/CD pipeline security including static code analysis (SAST), dynamic testing (DAST), dependency scanning, and secure deployment methods.

• Conduct in-depth threat modelling and risk assessment across Salesforce-based estates.

• Design, refine, and execute security tests for Salesforce APIs and applications.

• Collaborate closely with developers, platform engineers, and the infosec team to ensure security is embedded by design.

• Provide guidance on secure code signing, policy enforcement, and change validation within a distributed Salesforce environment.

• Address unique challenges in securing Salesforce-first architectures and integrate security across the broader enterprise IT estate.

Requirements:

• Proven experience with Salesforce development (particularly APEX) combined with a strong security engineering background.

• Practical experience with secure coding practices, SAST/DAST tools, and pipeline security integration.

• Familiarity with DSOMM, OWASP, and threat modelling frameworks.

• Ability to embed security seamlessly within engineering and development processes.

• Strong communication skills with the ability to articulate security needs into engineering requirements.