Summer 2021 Intern - Product Security Engineer at in Burlington, Massachusetts

Posted in Other 5 days ago.

Type: Full Time

Job Description:

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.





Trust is the #1 company value at Salesforce. Our Product Security team ensures the security of our products and serves as subject matter experts for our R&D teams and AppExchange partners to protect our customers data in today s rapidly evolving threat landscape. We are a team of curious minds that specialize in security research, penetration testing, and innovative tool development. We evaluate a broad range of technologies including complex web applications, distributed processing, virtualized environments and isolation of untrusted code.
With the full backing of our executive leadership, you'll work closely with the technology organization and partners to evaluate the design and implementation of our product offerings, help create innovative security solutions for our products, and educate our teams on secure application development and emerging threats. In addition, you will create new tools, conduct industry-leading research, and solve challenging technical problems on the forefront of application security.


* Perform black-box penetration testing and code reviews of our flagship services, product offerings and partners apps.

* Implement the technology organization's security and privacy initiatives by participating in design reviews and threat modeling.

* Participate in our incident response and vulnerability remediation efforts.

* Perform cutting-edge applied research on new attacks and present new findings to both internal and external audiences.

* Evaluate application security tools for internal consumption. Develop new automation and tooling to improve our detection and prevention capabilities.

* Develop secure code practices and provide hands-on training to developers and quality engineers.


* Pursuing B.S. / M.S. in Computer Science, Electrical Engineering

* Basic knowledge of security concepts based on relevant courses, self-learning or past internships.

* Familiarity with identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.

* Relevant development experience in several of these languages: Java, JavaScript / NodeJS, Ruby, .NET, C / Objective C, PHP, Python.

* Familiarity with the browser security model, crypto, and network security.

* Solid understanding of Application and Networking fundamentals

* Attacker mindset: Passion for breaking all the things unbreakable.


* Knowledge of platform (Apex, VisualForce, Aura ) and the Salesforce application.

* Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.

* Familiarity with security tools such as static analysis, runtime analysis, black-box testing.

* Prior work experience in an application security role.

ACCOMMODATIONS - If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.


At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits. and are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. and do not accept unsolicited headhunter and agency resumes. and will not pay any third-party agency or company that does not have a signed agreement with or

Salesforce welcomes all.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.