Product Security Lead

About The Position

Requirements

• Deep hands-on experience in penetration testing, offensive security, or application security testing.
• 5+ years of experience in penetration testing, offensive security, and vulnerability research.
• Proven experience leading complex penetration testing engagements in production or production-like environments.
• Strong understanding of: Application security vulnerabilities and attack chains Identity and access control failures Cloud security and hybrid environments Common defensive controls and their real-world limitations Security risks specific to AI and LLM-based systems
• Hands-on experience with: Manual exploitation and vulnerability chaining Custom scripts, payloads, or proof-of-concept development Advanced use (and limitation awareness) of automated testing tools Testing AI-powered applications and APIs
• Ability to clearly articulate: Exploitation mechanics and impact Risk in business and engineering terms Practical, prioritized remediation strategies
• Strong communication skills and experience working directly with engineers, security teams, and leadership.

Responsibilities

• Lead and execute advanced penetration tests across: Web applications and APIs Cloud and hybrid infrastructure (k8, docker etc) Identity, authorization, and trust boundaries Internal and external enterprise attack surfaces AI / ML-enabled systems (e.g., LLM-backed applications, Agentic AI)
• Identify, exploit and demonstrate realistic business and risk impact
• Perform advanced penetration testing activities, including: Manual exploitation beyond automated tooling Business logic and authorization abuse Privilege escalation Abuse of identity, access, and trust relationships AI-specific offensive testing, including prompt injection, indirect prompt injection, and abuse of AI integrations
• Own penetration testing engagements end-to-end via: Scoping Test execution Risk assessment and prioritization Clear reporting and remediation guidance
• Develop deep technical understanding of systems and products to uncover systemic weaknesses, not just isolated bugs, including weaknesses introduced by AI-driven components.
• Partner closely with: Engineering teams to explain root causes and exploitation paths Security architects and AppSec teams to influence design and guardrails Detection & Response teams where findings have monitoring or alerting implications
• Produce high-quality, technically detailed reports that clearly explain Exploitation path, missing /lacking Security Controls and Mitigation solutions
• Contribute to tooling, automation, and testing frameworks where it improves scale or consistency (without replacing deep manual testing).

Benefits

• Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program.
• More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.