Platform Security Specialist

Description

Team DescriptionThe Platform Technical Architect team is aligned to the most dynamic and exciting part of our business. As pre-sales engineers and architects, we partner with our customers to use Salesforce technology to drive digital transformation within their companies and support the sales team in winning new business. We work in a fast-paced, team-driven environment where everyone brings something unique to the table to get the job done.Role DescriptionWe’re looking for Security & Compliance Architects that sell to companies across a range of industries and sizes. We work with companies in rapid growth mode and with a diverse set of issues around security, compliance, risk as well as emerging technology and trends. This is a highly technical and customer-facing role with most of its impact focused on the success of our customers. There must be a strong desire to leverage both technical and sales skills, including the ability to solicit business requirements, develop a technical sales strategy, and effectively demonstrate the solutions that address these requirements and provide business value, often using configuration or light coding to tailor the demonstration to the audience.We look for technical professionals who can “own” the conversation on Salesforce's platform security and service delivery, Data confidentiality and Privacy, and Security and Compliance posture across various cloud offerings.The role of a Security & Compliance Architect is to work with our sales teams and customers to:

• Understand a customer's risk, security or compliance concerns and communicate how Salesforce's infrastructure, architecture and application features can address these concerns
• Apply knowledge of Federal, State, and local cyber and information security regulation and legislation (specifically HIPAA, PCI, APRA, Australian Privacy ACT, as well as industry frameworks, such as NIST CSF, ISO 27001/27002 and COBIT) to address customer concerns around risk, data privacy or Salesforce's compliance posture
• Work closely with other elements of Salesforce.com , e.g. other pre-sales teams, sales teams, enablement, product marketing, etc. to develop and execute internal and external programs and initiatives
• Have a strong understanding of network security, general engineering principles, cryptography, data in transit, and other technical aspects to assist in in-depth conversations with IT/CIO conversations
• Partner with sales teams to remove security as a blocker by speaking to CISOs, CIOs and other key decision makers
• Understand current and emerging cyber security risks, and innovative risk management methods and eloquently communicate to customers
• Scale the role through external and internal education and enablement efforts
• Lead hands-on technical workshops and education sessions

Your Impact

• Demonstrate a deep knowledge of Salesforce trusted services, security product offerings and be an evangelist for these products.
• Present Salesforce's cloud infrastructure, including demonstrating deep familiarity with Salesforce's hardware, software, networking and security stack
• Build deep relationships and provide thought leadership in our customer base to become a Trusted Advisor
• Experience interpreting customer questions, and mapping them to industry standard controls.
• Be the Salesforce field expert for the Salesforce trust story covering security, architecture, reliability, performance, privacy and compliance
• Active contributor to the internal Technical Architect community by participating in calls, publishing reference architectures and creating decks and other reusable assets for security and compliance topics
• Be a force multiplier and have a passion for team and team members’ success by providing technical guidance, career development and mentoring
• Willing and able to travel to customers or Salesforce offices

Qualifications

• Minimum 5 years of experience in information security, cybersecurity, accreditation, and other security related areas
• Familiarity with one or more security and regulatory frameworks: NIST 800-53, NIST Cybersecurity Framework, PCI-DSS, ISO 27001, ISO 27017, ISO 27018,... etc.
• A strong understanding of the security controls and best practices related to multi-tier, multi-tenant web applications including but not limited to authentication, role based access controls, data segregation and residency, data masking, data encryption etc
• A deep passion for working with the latest, cutting-edge technologies
• Information Security certifications (CISSP, GSEC, SANS etc.)
• Experience with cloud, SaaS, PaaS, aPaaS and IaaS concepts and technologies
• Familiarity with integration, security, and architecture patterns
• Knowledge of related applications, relational database, and web technology
• Deep understanding with information security and auditing, including experience with internal and external audits, and security and risk frameworks (e.g. ISO 27001, PCI DSS, HIPAA, GDPR or similar standards)