Staff Software Engineer, Product Security

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Software Engineering

Job Details

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

Applications will be accepted until 02/23/2026.

Slack enables people around the world to communicate and collaborate together, from the world’s largest public companies to the smallest of startups. We take performance and reliability very seriously. A taste of our scale:
During the week, our users spend over a billion minutes a day active in our product.

At peak usage, a million messages a minute passed through Slack.
Every day we see over 15 million simultaneously connected users
For millions of people, Slack is their primary communication tool for work and more and they expect it to be exceptionally reliable and fast year-round.
About Us

Our Product Security Assurance team supports the following tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly our customers’ data. We take a systemic approach to security and strive to ensure we provide low friction, high impact security across everything we do. As a member of the Product Security team, you care about shipping secure products and protecting Slack’s users from bad actors.  You are passionate about enabling our developers to deliver new features securely. You think about your job as not just identifying individual vulnerabilities but also finding effective ways to eliminate whole classes of them. Your work will directly impact the way millions of people, teams, and businesses get things done using Slack.

Slack has a positive, diverse, and supportive culture—we look for people who are curious, inventive, and working to be a little better every single day. In our work environment, we aim to be smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, read on ahead!

What you will be doing

• Contributing security-focused feedback to engineers during all phases of the development lifecycle
• Performing technical security assessments on our web applications, native clients, internal services, and partner applications
• Seeking out opportunities to automate processes when appropriate
• Scaling the impact of our team through direct mentorship of our more junior team members
• Communicating risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns
• Maintaining and creating secure development practices and programs for our engineering teams and external developers
• Acting as an ambassador for security within Slack
• Serving as a public representative for security at Slack by engaging periodically in internal and external speaking engagements
• Identifying emerging classes of vulnerabilities and developing solutions for them before they’re a problem
• Efficiently scoping blackbox, whitebox, and graybox assessments to optimize security review time and resources

What you should have

• Bachelor’s degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience
• Experience in security testing of web applications and native apps including Electron and iOS and Android mobile applications.
• Deep understanding of web application architecture and design principles
• Experience with Threat Modeling applications using STRIDE or similar framework.
• Experience with websockets and protobuf a plus
• Strong written and verbal communication skills and ability to communicate with empathy when delivering constructive feedback regarding security matters to engineers and product designers
• Experience with manual secure code review in languages such as: JavaScript, Java, Python, Ruby, PHP, HackLang
• Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Snyk, and/or Semgrep
• Knowledge of authentication mechanisms like SAML, OAuth, etc.
• Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
• Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc) for security and quality
• Ability to see patterns, commonalities and investigate complex issues
• Organizational skills to bring together and record detailed and accurate information about bugs and systemic issues
• Experience with Amazon AWS services and familiarity with Slack products is a plus
• Current or former security training or certifications such as SANS GWAPT, OSCP, OSWE or similar is a plus
• Utilizing AI tools and AI security testing is a plus
• Public speaking engagements or published research is also a plus;  a successful engineer in this role will be expected to represent Slack externally from time to time
• Though this is not primarily a development role, some background in software engineering in a collaborative and dynamic environment is a plus

Unleash Your Potential

When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we’ll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future — but to redefine what’s possible — for yourself, for AI, and the world.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that’s inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications – without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.

In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

For New York-based roles, the base salary hiring range for this position is $211,500 to $334,600.

For Colorado-based roles, the base salary hiring range for this position is $192,200 to $278,600.

For Washington-based roles, the base salary hiring range for this position is $192,200 to $306,600.

For Washington D.C based roles, the base salary hiring range for this position is $211,500 to $306,600.

For Maryland based roles, the base salary hiring range for this position is $211,500 to $306,600.

For California-based roles, the base salary hiring range for this position is $230,800 to $334,600.

For Hawaii-based roles, the base salary hiring range for this position is $192,200 to $278,600.

For Illinois based roles, the base salary hiring range for this position is $192,200 to $306,600.

For Minnesota based roles, the base salary hiring range for this position is $192,200 to $278,600.

For New Jersey based roles, the base salary hiring range for this position is $211,500 to $306,600.

For Vermont based roles, the base salary hiring range for this position is $192,200 to $278,600.

For Massachusetts based roles, the base salary hiring range for this position is $192,200 to $306,600.