Salesforce Senior Specialist

We Are Hiring Salesforce Senior Specialist Location: Remote/ VirtualWhy Join Ascension? Ascension leverages technology to create collaborative solutions that improve everyday health decisions. The technology enables seamless access to data across all applications transforming the customer experience when interacting with technology and enhancing our ability across Ascension to better serve communities with greater agility and responsiveness. It is used to provide insightful use of automation and data-drive improvements to enhance the provider, patient and consumer experience as well as keeping cybersecruity with a strong posture to protect data and other valuable assets. Ascension is a faith-based healthcare organization dedicated to transformation through innovation across the continuum of care. As one of the leading non-profit and Catholic health systems in the U.S., Ascension is committed to delivering compassionate, personalized care to all, with special attention to persons living in poverty and those most vulnerable. In FY2019, Ascension provided $2 billion in care of persons living in poverty and other community benefit programs.Ascension includes more than 150,000 associates and 40,000 aligned providers. The national health system operates more than 2,600 sites of care - including 150 hospitals and more than 50 senior living facilities - in 20 states and the District of Columbia, while providing a variety of services including clinical and network services, venture capital investing, investment management, biomedical engineering, facilities management, risk management, and contracting through Ascension's own group purchasing organization.What You Will Do Duties and responsibilities for this position include: Applies information security common bodies of knowledge from industry organizations in conjunction with Ascensions Enterprise Information Security Policy and Enterprise Privacy Policy. Participates with business partners in strategic design to translate security and business requirements into technical designs and solutions. Candidates will focus on identifying risk associated with business decisions through early interactions to recommend, document, and design high-level security solutions to support secure business solutions. consultants will work with product specialists, developers, and security teams to apply the appropriate technical controls.The role is geared for a Sr. Security Specialist that has experience with platform and application security testing, software engineering, and working in an agile engineering environment. We're looking for someone who's excited to apply those skills to the world's leading Platforms-as-a-Service.Experience

• Sales Force Application (CRM) platform
• SalesForce Application development & Apex programming language
• SalesForce Shield
• Copado, continuous integration and delivery (CI/CD) technologies
• Security Authentication/Authorization mechanism
• OWASP top 10 Vulnerabilities Expertise in Information Security Risk Management
• A high degree of security expertise in Multi Cloud environments & various AWSP services Experience
• Encryption mechanism and well aware of the standard encryption requirements.

• Scope and perform manual as well as automated application security reviews of our full stack: web applications, APIs, and platform architectures.
• Provide internal Salesforce teams with well-researched security advice to demonstrate vulnerabilities and provide secure development guidance.
• Assist in the triage of vulnerabilities that are found internally, privately or publicly disclosed, or reported through our bug bounty program.
• Constantly question existing security practices and routines, and update, replace, or automate them.
• Write and promote secure development practices for organization.

• Experience with various open and closed security testing of applications.
• Experience with public cloud infrastructure security protections and weaknesses
• Experience with performing threat modeling and manual secure code review.
• Strong working knowledge of software engineering and architecture, web applications, linux internals, HTTP, TLS.
• Strong grasp of practical cryptography usage, able to recommend the best approach for storage, transport and identity purposes, specifically in the realm of public cloud.
• Offensive mindset and the ability to think of and consider abuse and attack paths as well as the defensive mindset to think of recommendations to prevent them.
• Enthusiastic and quick learning of complex systems and poorly-documented open source software.
• Comfortable working with continuous integration/delivery and agile development teams.
• Able to work collaboratively across diverse engineering teams and products to meet organizational security goals.

• Strong candidates will have worked with some of these and/or similar technologies:+ Application Security tools like Burp, OWASP ZAP, brakeman, and other DAST and SAST tools.
• Windows, Linux, and especially technologies like LXC, Docker, seccomp, grsecurity, etc.
• A functional understanding of Amazon Web Services, Google Cloud Platform, and Azure - VPC, IAM, KMS, EC2, S3, EBS, ELB, etc., or similar primitives are not required, but will certainly help.
• Security features in container and container orchestration technologies (LXC, Docker, Kubernetes, gvisor).
• Languages - Primary language Apex and Copado familiarity, additional languages include:: Ruby, Python, Java, .net, c#, Go, Shell, JavaScript, both for performing code reviews and creating your own scripts and tooling (fuzzers, scanners, etc.).+ Modern web technologies - Ember.js, Angular, React+Redux, GraphQL, Socket.io/Websockets .+ Experience with building security automation is a big plus.
• Design, threat-model and verify the implementations of these services and educate our teams on secure application development and emerging threats.

• High school diploma/GED with 2 years of experience, or Associate's degree, or Bachelor's degree required

• 1 year of experience required.
• 4 years of experience preferred.
• 2 years of leadership or management experience preferred.