AppSec Jobs

Salesforce

Product Security Senior

Bengaluru, Karnataka, India

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Salesforce

Salesforce is a global leader in cloud computing, founded in 1999 in San Francisco by Marc Benioff and his team. The company pioneered the Software-as-a-Service (SaaS) model, providing customer relationship management (CRM) solutions that are delivered entirely over the internet. This innovation has transformed how businesses engage with their customers by simplifying software installation and maintenance. The core offering of Salesforce is its cloud-based CRM platform, which helps businesses manage sales, customer service, marketing, and analytics. The company also provides a platform for building custom applications and hosts AppExchange, a marketplace for third-party business apps. Salesforce offers various cloud solutions, including Sales Cloud, Service Cloud, and Marketing Cloud, all designed to enhance customer engagement and streamline business operations. With mobile access and integrated automation tools, Salesforce supports a flexible and efficient work environment for its users. Salesforce serves a diverse range of customers, from small businesses to large enterprises, across multiple industries, including technology, finance, and healthcare. Its commitment to customer success and innovation has established it as a dominant player in the cloud computing industry.

Industry

information technology & services

Employees

77,000

17468 engineers

Revenue

$38B


Security at Salesforce

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

Salesforce's AppSec philosophy is rooted in trust, stating that 'Trust is the bedrock of our company.' They view cybersecurity as a 'shared responsibility' and aim to 'Build apps that users can trust.' Their risk philosophy emphasizes prevention, with the belief that 'Prevention is better than cure.' A stated goal is the 'finding and fixing of bugs.' However, information regarding reporting lines (e.g., to CISO vs CTO) is not publicly available.

Security Team

Salesforce has a large, cross-cloud security organization, but the specific AppSec reporting chain is not publicly available. Key public-facing leaders include Prashant Vadlamudi (Senior Vice President, Product Security), Andrew O. Leeth (Senior Director, Product Security), and Blake Carpenter (Product Security leader). The team size is estimated at ~30-40 based on public LinkedIn profiles. The count of active AppSec job postings is not publicly available due to a service interruption on Workday careers. Common skill and tool patterns include 'embedding SAST, DAST, and SCA tools into CI/CD pipelines' and scanning Apex, Visualforce, and Lightning code pages. DigitSec is noted as an application security testing platform for Salesforce DevSecOps. Salesforce does not publish a consolidated public org chart or an explicit team size for AppSec.

Key Initiatives

Salesforce's AppSec initiatives include 'Shift Left' practices such as performing 'a static analysis scan of all unpackaged code' and scanning Apex, Visualforce, and Lightning code pages. Their vulnerability management process includes a publicly published 'Responsible Disclosure Policy' for intake. While Salesforce 'maintains security incident management policies and procedures,' specific MTTR or SLA targets for AppSec remediation are not publicly available. Automation and detection leverage 'Threat Detection events... designed using statistical and machine learning methods.' Secure SDLC artifacts involve gathering 'security requirements before any design or development work begins' and reviews 'Through a combination of automation, manual review, and well-defined processes.' Recent initiatives include Security Center and AI/LLM-focused guidance, with 'Shield provides powerful prevention capabilities' and efforts in 'Mitigating LLM Risks Across Salesforce's Gen AI Frontiers.' Information on a security champions program, detailed vulnerability SLAs, and a published AppSec org reporting line is not publicly available.
