About the position
We are seeking an Endpoint Security Engineer who will contribute to the architecture, strategy, and execution of endpoint security across the enterprise. You will help ensure the resilience, scalability, and integrity of endpoint defense mechanisms in support of the overall security posture.
Your primary focus will be to implement a consistent, risk-based, and standards-aligned approach to Endpoint Security, configuring the enterprise endpoints used on Salesforce networks, systems, and services so that they adequately protect against threats to the confidentiality, integrity, and availability of Salesforce.
This is a hands-on technical role where you will contribute to implementing new services and adapting existing ones to meet the evolving needs of our business. You'll be a part of a broader team with responsibilities across the full spectrum of endpoint security, including endpoint hardening, malware and virus detection, application blocklisting, Endpoint Detection and Response (EDR), vulnerability scanning and cloud security posture management (CSPM). Your expertise will be instrumental in developing other services that leverage offerings from leading security vendors.
Responsibilities
- Support Endpoint Security Strategy & Architecture
  - Contribute to defining the long-term technical roadmap for endpoint protection, including tools like CrowdStrike, EDR, Application Control, Vulnerability Scanning, etc.
- Assist in Deployments & Coverage
  - Help ensure Enterprise-wide deployment of endpoint security tools, achieving high coverage by aligning tool capabilities to the enterprise device inventory (including rollout of agents across macOS, Windows, Linux, and mobile platforms).
- Maintain Governance & Compliance
  - Support the definition and enforcement of policies, SOPs, and operational protocols for endpoint security tools. Help ensure that endpoint hygiene meets or exceeds regulatory and compliance requirements.
- Contribute to Automation & Resilience
  - Assist in the design of robust automation pipelines, leveraging scripting, to reduce manual effort, enforce consistency, and support rapid incident response.
- Enhance Detection & Response Posture
  - Contribute to architecting rigorous detection logic and response workflows, and collaborate with SIEM, SOAR, and telemetry teams to integrate and tune event ingestion, alerting, and remediation across multiple systems.
- Innovate Security through Design
  - Engage in threat modeling, vendor evaluation, and platform enhancements; assist in proof-of-concepts (PoCs) for new technologies that align with evolving security and business needs.
- Collaborate with security and engineering teams to integrate Endpoint services and ensure security policies are effectively enforced at scale.
- Partner with Product Management throughout the entire project lifecycle, from initial design and vendor selection to implementation and ongoing operations, ensuring projects are delivered on time and with high quality.
- Develop and maintain comprehensive documentation for security services, policies, and procedures.
- Stay current with the latest threats and technologies in the cloud security and endpoint security landscape, actively seeking opportunities to innovate and improve our security posture.
About You
- Passionate about cloud and endpoint security, with a deep understanding of the attack surface and how to defend it.
- A strong collaborator and communicator who can work effectively with engineers, product managers, and leadership.
- Eager to learn new technologies and adapt to a fast-paced, evolving environment.
- A natural problem-solver who can take on complex technical challenges and find elegant, scalable solutions.
- Comfortable navigating between tactical and strategic work, from hands-on coding to high-level system design.
Required Skills/Experience
- 5+ years of experience in a hands-on security engineering role, with a strong focus on Endpoint Security Technologies & Solutions including EDR and vulnerability scanning tools.
- Experience contributing to significant security projects with major vendors like Tenable, Tanium, CrowdStrike, Qualys, Palo Alto, or similar.
- Familiarity with CSPM solutions, including vendor products and cloud-native services from major providers (AWS, Azure, GCP).
- Practical knowledge of managing client-server architectures.
- Hands-on experience developing software using modern programming languages such as Go and Python.
- Strong problem-solving and analytical skills.
- Must have a fundamental understanding of accepted security practices, troubleshooting issues, and attack vectors.
- Practical use of Agile development practices and the software development lifecycle.
- Experience with configuration management tools and Infrastructure as Code (e.g., Terraform, Ansible).
- Background working in an enterprise environment.
- A related technical degree is required.
Preferred Qualifications
- Some relevant security certifications.
- Familiarity with compliance frameworks and standards like NIST, ISO 27001, SOC 2, and FedRAMP.
- Operational knowledge of client operating systems like Windows, Linux, Mac, and mobile platforms.