Security Systemic Risk Remediation Engineer jobs in United States
This job has closed.
griddable.io · 20 hours ago

Security Systemic Risk Remediation Engineer

Griddable.io is part of Salesforce's Product Security team, focused on securing customer data and assets. The Security Systemic Risk Remediation Engineer will proactively identify and remediate risks across Salesforce’s products, collaborating with engineering and product management teams to implement security measures and educate developers.

Analytics, Big Data, Cloud Data Services, Data Integration, Information Technology, SaaS, Software

Responsibilities

Partnership with Engineering
Collaborate with Product Management & Engineering teams to drive accountability for implementing mitigation steps across affected areas and to resolve issues at their root cause
Drive adoption of proactive security measures and guardrails, such as automated secure coding checks, centralized input validation libraries, and robust access control mechanisms
Update organizational standards, policies and procedures as necessary to prevent systemic flaws from being re-introduced
Educate developers on secure coding practices and common systemic flaws
Influence Product Management & Engineering roadmaps to drive architectural improvements and adopt secure-by-default product features
Review technical design and architecture documentation or source code for product features
Triage security findings, alerts or bug reports to find common patterns representing widespread or recurring security issues
Identify variants or broadly similar instances of existing security anti-patterns using commercial, custom, and/or open-source code and runtime testing tools
Validate security issues with a proof-of-concept to confirm exploitability when necessary
Collaborate with engineers and developers to build context required to pinpoint and articulate risk
Develop scalable approaches for risk remediation, mitigation, and prevention. These should include Agentic AI and process automation
Frame engineering risks to enterprise and other Security partners at levels of seniority up to and including C-suite leaders
Collaborate with other security teams to incorporate lessons learned from risk identification and remediation into proactive controls
Engage in executive forums, as necessary, to articulate risk remediation strategies in a manner that resonates with the audience
Rapidly adapt to new and emerging high-risk areas, effectively persuading stakeholders to pivot priorities where required

Qualification

Software Security, Cloud Security, Risk Identification, Secure Coding Practices, Security Architecture, Threat Modeling, Penetration Testing, Public Cloud Security, Communication Skills, Collaboration Skills, Interpersonal Skills, Presentation Skills

Required

Bachelor's degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience is required
Proven communication, collaboration, and interpersonal skills with the ability to effectively communicate complex technical concepts to diverse audiences, including technical and non-technical teams
An attacker's mindset: the ability to consider abuse and attack paths, as well as the defensive mindset to make recommendations that prevent them
A passion around improving the security development lifecycle and delivering security guidance to engineers in a language they understand
Ability to work with data, identify trends and propose comprehensive mitigations that eradicate systemic security concerns
Experience participating in an information security program and improving or proposing improvements to a secure development lifecycle
Threat modeling of security topics across infrastructure security & application security domains. Understanding of, or experience managing infrastructure and platform access control models, best practices for configuring secure Salesforce orgs, session authentication and API security best practices, and use of Agentic AI to streamline risk detection and evaluation
Excellent writing and presentation skills
Possess the ability to communicate concisely, clearly, and intelligently to cross functional teams

Preferred

Proven ability to drive enterprise-ready features to release prioritizing Trust without sacrificing usability
Strong technical aptitude; comfortable engaging with engineering on architecture, APIs, and platform implications
Experience working with InfoSec, Legal, and IT stakeholders at Fortune 500 companies
Demonstrated expertise in navigating security incident response efforts, including direct engagement with executive leadership, legal counsel, and external parties to resolve complex security issues
Strategic thinker with an understanding of the evolving global threat landscape and its implications for millions of users
Experience with software development in one or more languages such as: JavaScript, Java, Python, Ruby, PHP, Go, Rust, TypeScript. Some experience performing penetration testing or familiarity with the process
5+ years proven experience in the following areas in a security engineering or research role: Securing products and infrastructure from the OWASP Top 10 and/or CWE Top 25
Exploiting web and web services security vulnerabilities such as cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, API attacks, etc
Public Cloud security architecture in one or more of the following: Amazon Web Services, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, etc

Company

griddable.io

Griddable.io is a San Jose, CA based SaaS startup that closed Series A funding in 2017 from August Capital, Artiman Ventures, and Carsten Thoma, founding CEO of Hybris (acquired by SAP).

Funding

Current Stage
Early Stage
Total Funding
$8M
2019-01-28: Acquired
2018-02-28: Series A · $8M

Leadership Team

Burton Hipp
VP of Engineering/Founder
Company data provided by crunchbase