JD – Security Analyst / Penetration Tester (Salesforce Security)
Position Details
- Role: Security Analyst / Penetration Tester
- Location: Bengaluru, India
- Experience: 3+ Years (Relevant Experience)
- Qualification: Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, or related field
- Employment Type: Full-Time
- Preferred Notice Period: Less than 15 Days
About the Role
We are seeking a highly motivated Security Analyst / Penetration Tester with 3+ years of experience in Application Security and Secure Software Development Lifecycle (SSDLC) practices. The candidate will work closely with Salesforce Engineering, QA, DevOps, and Platform teams to identify, validate, and remediate security vulnerabilities across Salesforce applications, APIs, integrations, and CI/CD pipelines.
The ideal candidate should possess hands-on experience in penetration testing, vulnerability assessment, secure code review, Salesforce security, and modern AI-assisted security analysis techniques.
Key Responsibilities
Application & Platform Security
- Perform manual and automated penetration testing of Salesforce applications, including Apex, Lightning Components, Visualforce, APIs, and third-party integrations.
- Conduct vulnerability assessments and security reviews for web applications, APIs, and cloud-based environments.
- Identify, validate, and document vulnerabilities with detailed risk assessments and remediation recommendations.
- Develop proof-of-concept (PoC) exploit scenarios to demonstrate security risks.
Secure Development Lifecycle (SDL)
- Participate in Secure SDLC activities including:
- Security requirement reviews
- Threat modeling (STRIDE)
- Data Flow Diagram (DFD) creation and analysis
- Risk assessments
- Security design reviews
- Collaborate with development and QA teams to implement security best practices throughout the software lifecycle.
Security Testing & Automation
- Conduct Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) using tools such as:
- Checkmarx
- CodeScan
- SonarQube
- Burp Suite
- OWASP ZAP
- Integrate security controls and testing into CI/CD pipelines.
- Automate security validation activities through scripting and tooling.
Salesforce Security
- Review and assess Salesforce security configurations, including:
- Object-Level Security
- Field-Level Security
- Profiles and Permission Sets
- Sharing Rules
- Connected Apps
- API Security Controls
- Support platform hardening initiatives and Salesforce security compliance efforts.
Vulnerability Management & Reporting
- Manage and track vulnerabilities through JIRA or similar tracking systems.
- Generate security reports, dashboards, KPIs, and executive summaries.
- Support remediation verification and closure activities.
Knowledge Management
- Conduct security awareness sessions and technical knowledge-sharing workshops.
- Present security findings and recommendations to technical and non-technical stakeholders.
- Leverage AI-powered security tools for vulnerability detection, code analysis, threat research, and security automation.
Required Skills & Experience
Technical Skills
- Strong understanding of:
- OWASP Top 10
- SANS/CWE Top Vulnerabilities
- Secure Coding Practices
- Application Security Principles
- Experience in:
- Web Application Penetration Testing
- API Security Testing
- Authentication & Authorization Security
- Session Management Security
- Data Protection & Encryption Concepts
- Working knowledge of Salesforce security concepts:
- Apex Security
- SOQL Security
- Lightning Security Controls
- Integrations and APIs
- Hands-on experience with SAST and DAST tools.
- Proficiency in scripting using:
- Python
- Bash
- PowerShell
- Familiarity with:
- JSON
- XML
- OAuth 2.0
- JWT
- SAML
- Exposure to AI-assisted security tools and prompt-based security analysis.
Preferred Qualifications / Certifications
Any of the following certifications will be an added advantage:
- CEH (Certified Ethical Hacker)
- CompTIA Security+
- eJPT / eWPT
- OSCP (Offensive Security Certified Professional)
- CRTP (Certified Red Team Professional)
- Salesforce Administrator Certification
- Salesforce Security-related Certifications
Soft Skills
- Excellent verbal and written communication skills.
- Strong analytical and problem-solving abilities.
- Ability to collaborate effectively with cross-functional teams.
- Strong stakeholder management and presentation skills.
- Self-driven with the ability to work in a fast-paced environment.
Selection Criteria
- Relevant experience in Application Security / Penetration Testing: 3+ Years
- Strong exposure to Salesforce security testing and secure development practices.
- Availability to join within 15 days or less will be preferred.
Application Details
Location: Bengaluru, India
Qualification: Any Bachelor's Degree
Notice Period: Less than 15 Days Preferred
Send Resumes To: [email protected]
Pay: ₹100,000.00 - ₹200,000.00 per month
Application Question(s):
- Your Current CTC?
- Your Exp CTC?
- Your Notice Period (should be < 15 days)?
- If you are in 'Serving Notice Period', what is your LWD?
- Will you relocate to Bengaluru?
- How many years of exp in Security Analyst / Penetration Tester for Salesforce applications ?
- How many years of exp in Security Testing & Automation ?
Work Location: In person