About this role
Product Security Engineer at Salesforce focused on embedding security in product development, threat modeling, secure code reviews, and penetration testing across a multi-language stack.
Key Responsibilities
- Threat modeling for integrations
- Secure code reviews across stacks
- Penetration testing
- IAM design and evaluation
- Security research & pentesting coordination
Technical Overview
Security engineering across Java, C#, PHP, Python; threat modeling; secure code reviews; DAST/SAST tooling; IAM protocols; OWASP Top 10 and SANS Top 25 knowledge.
Ideal Candidate
The ideal candidate is a security professional with 5+ years of experience and strong threat modeling, code review, and penetration testing skills across a multi-language stack, plus knowledge of the OWASP Top 10 and SANS Top 25.
Must-Have Skills
- 5+ years in security roles
- Experience securing enterprise cloud platforms
- Knowledge of OWASP Top 10 and SANS Top 25
- Security tooling (DAST/SAST)
- OIDC/SAML/OAuth2 knowledge
- Security code reviews
- Penetration testing
Nice-to-Have Skills
- OSCP
- OSWE
- GWAPT
- AWS Cloud Security Specialist
- GCP Cloud Security Expert
- Bug Bounty involvement
- Open-source security contributions
- Salesforce ecosystem experience
- AI-assisted security
Tools & Platforms
- Snyk
- Semgrep
- GitHub Actions
- DAST
- SAST
Required Skills
5+ years in security roles; Java; Python; OWASP Top 10; SANS Top 25; Threat modeling; Secure code reviews; Penetration testing; OAuth2; SAML; OIDC; IAM; DAST; SAST
Hard Skills
Java; C#; PHP; Python; SAML; OAuth2; OIDC; Identity & Access Management; Threat Modeling; Secure Code Review; Penetration Testing; OWASP Top 10; SANS Top 25; DAST; SAST; GitHub Actions; Security Tools; Snyk; Semgrep; Agentic Identity; IDS; DLP; IAM
Soft Skills
- Communication
- Business communication
- Threat modeling
- Security architecture
- Mentoring
- Team collaboration
- Problem solving
- Adaptability
- Continuous learning
Certifications
Preferred
- OSCP
- OSWE
- GWAPT
- AWS Cloud Security Specialist
- GCP Cloud Security Expert
Keywords for Your Resume
product security engineer; security engineer; threat modeling; risk assessment; code reviews; penetration testing; owasp top 10; sans top 25; saml; oauth2; oidc; idm; authentication; authorization; identity management; proactive security; ddos; dlp; ids; dast; sast; snyk; semgrep; github actions; ai; machine learning; Product Security Engineer; Java; Python; OWASP; SAST; DAST; Penetration Testing; Threat Modeling; OAuth2; SAML
Deal Breakers
- Lack of OWASP Top 10 / SANS Top 25 knowledge
- No security tooling (DAST/SAST) experience
- No 5+ years in security