Do you want to build security tools that protect a large fleet of Salesforce instances across Amazon? Are you interested in applying deep Salesforce platform knowledge to solve security challenges at this scale? Do you want to use AI to invent and simplify?
Salesforce Success Central (SFSC) delivers products and programs that improve the return on investment in Amazon's enterprise-wide Salesforce deployments. SFSC is looking for a Security Engineer with strong Salesforce platform expertise to build and maintain the tools that help service owners secure their Salesforce orgs. You will apply your knowledge of Salesforce security architecture, profiles, permission sets, sharing models, and platform APIs to develop automated security scanning and detection capabilities. You will deliver guidance to service owners on improving their operational maturity, and you will partner with Amazon security teams to implement standards across our Salesforce environment. We do more than find problems. We deliver enablement and automation that maintain more secure environments.
You will also build detections, create security evaluations, and deliver customer-facing experiences that make the secure path the easy path. You will serve as a trusted advisor to service owners, helping them interpret findings, prioritize remediation, and build security into their Salesforce operations from the start. This role includes hands-on engineering. You will design, code, and ship security tools built on AWS infrastructure and Salesforce platforms.
You will also partner with SecOps and security teams across Amazon, acting as the Salesforce subject matter expert who bridges platform-specific configurations with enterprise security requirements.
This role requires someone who brings a security engineering lens to Salesforce org configurations. You understand how authentication flows (SSO, OAuth, SAML), authorization models (profiles, permission sets, sharing rules, org-wide defaults), and third-party integrations (connected apps, named credentials, API access) introduce exposure. You can translate that deep security knowledge into automated evaluations and actionable guidance for teams with varying levels of Salesforce experience.
We have a team culture that encourages ownership and innovation. You will work with a small, collaborative team where your contributions have direct, measurable impact on the security posture of Salesforce at Amazon.
Key job responsibilities
- Build and maintain automated security scanning and evaluation capabilities that assess Salesforce org configurations against defined security standards
- Apply deep Salesforce platform knowledge to identify security risks in profiles, permission sets, sharing rules, connected apps, session settings, and custom Apex code
- Develop detections for configuration changes that introduce security risk, and deliver escalation workflows that route findings to the right owners
- Partner with service owners to interpret security findings, prioritize remediation, and implement secure configurations within their Salesforce environments
- Write and refine security evaluations that measure operational maturity across the Salesforce fleet
- Develop customer-facing guidance, documentation, and training that help service owners understand and resolve Salesforce security findings independently
- Collaborate with Amazon enterprise security teams to translate security requirements into Salesforce-specific implementation patterns
- Stay current with Salesforce platform releases, AI innovations, and security features, assessing their impact on Amazon's security posture and updating tooling accordingly
- Support other teams performing security reviews, vulnerability analysis, and incident response when Salesforce expertise is required
A day in the life
Your time splits across building, advising, and investigating. You write SOQL-based detections and Apex code that automate security checks, review scan results to triage new findings, and update detection logic when Salesforce releases change the threat surface. You meet with service owners to walk through remediation plans for exposed integrations or misconfigured access models. Security teams across Amazon reach out when they need Salesforce expertise to assess a risk or validate an architecture decision. No two days look the same, but each one connects platform knowledge to measurable security outcomes.
About the team
We value diverse experiences. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, we encourage you to apply. SFSC sits at the intersection of security, SaaS platform engineering, and enterprise operations. The team is small, so your work ships fast and has visible impact across the organization. You will build expertise in securing third-party platforms at a scale that few companies operate, and you will partner with security teams across Amazon who rely on your Salesforce knowledge to make decisions. We seek out and celebrate a diversity of ideas, perspectives, and technical backgrounds.
BASIC QUALIFICATIONS
- 2+ years of scripting, programming, and security code review in a common programming language (non-internship) experience
- 2+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
- Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- Experience using Salesforce
PREFERRED QUALIFICATIONS
- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- Knowledge of command line tools to troubleshoot protocols, analyze log outputs, or automate basic tasks
- Experience with AWS products and services
- Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
- 4+ years of hands-on experience with the Salesforce platform, including administration, security configuration, and development
- Proficiency in SOQL for data extraction and security detection, with working knowledge of Salesforce metadata schema and platform APIs
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
USA, TX, Dallas - 159,300.00 - 202,400.00 USD annually
USA, WA, Seattle - 159,300.00 - 202,400.00 USD annually