Principal Network Security Engineer /Architect



Multiple locations
Posted on Thursday, June 6, 2024

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Software Engineering

Job Details

About Salesforce

We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.

Principal Network Security Engineer /Architect

Salesforce’s Security team is seeking an Application Security Engineer to help secure the world’s #1 CRM. As a member of the NetSec DDoS team, you will be part of the team responsible for designing, building and maintaining innovative security services and solutions that support the needs of our internal and external customers. You'll be responsible and accountable for driving Application Security protection inside production Salesforce environments - both public cloud and first-party datacenters. This is a highly visible role that will work closely with partner teams to drive an integrated solution and respond to incidents.


  • Design, architect, engineer, and operate ground breaking DDoS solutions to provide protection across multiple substrates
  • Partners with other engineering teams and executives to develop short and long-term security, product, and service strategies.
  • Collaborate with other teams to solve security problems with minimal disruption to other business functions.
  • Continuous improvement of policies, procedures, and technology.
  • Interact with industry experts, partners, internal staff, and auditors.
  • Work effectively as part of a geographically distributed team.
  • Occasional travel is required (domestic and international).


  • Industry experience. 8+ years in Infrastructure or Security Architecture (5+ years for SMTS), including: * 3+ years experience in networking, security, or DDoS. * 3+ years experience in a high-availability 24/7 environment (cloud platforms are a plus)
  • M.Sc/M.Eng in Computer Science/Engineering or B.A/B.Sc. in same fields with equivalent years of experience
  • Familiar with denial of service attacks, mitigation strategies, and industry standard processes
  • Familiar with OWASP top 10 vulnerabilities, CWE, and related countermeasures
  • Experience with log analysis and monitoring systems such as Splunk, ELK, Grafana, etc.
  • Hands-on experience designing and maintaining innovative distributed denial of service solutions for large scale networks
  • Hands-on experience designing and maintaining public cloud environments, networking and security controls
  • Networking (Security). Industry-level expertise in any of the following networking (security) aspects
  • Network security platforms, including segmentation, ACLs, DDoS protection. Examples include:
  • Software: iptables, ipsec, VPN, IPS/IDS, firewall management platforms, ACL compilers and tooling (Capirca)
  • Hardware: switch ACLs, stateful firewalls, network segmentation, security zones
  • * VM and containers network stacks.
  • * OSI model and debugging network traffic.
  • * Networking protocols (TCP/UDP, BGP, DNS, DHCP)
  • * Datacenter network architecture at software platform and hardware devices (NAT, VXLAN, overlay/underlay)
  • * Network security architectures and implementations in public clouds (e.g., AWS, Azure, GCP)
  • * Must be proficient in network architecture and design, network security and network monitoring
  • * 2+ years Hands-on experience with one or more of Python, Go, Bash, JSON or Perl in order to push software and network interaction


  • * 5+ years of experience in Application Security or Security Architecture
  • * Experience designing and deploying DDoS/WAF technologies within public cloud and first-party environments
  • * Experience with content delivery networks such as Akamai, Cloudflare and Cloudfront.
  • * Experience writing custom WAF rules targeted to attack traffic
  • * Experience with application security testing through bug bounty programs, penetration testing, and red teaming exercises
  • * Knowledge of Salesforce, Marketing Cloud, and/or Commerce Cloud application architecture
  • * Well-versed in internet fundamentals, TCP stack, DNS and routing, communication protocols such as HTTP or TLS.
  • * Prior understanding of Agile/Scrum methodologies
  • * Experience with multi-tiered mission-critical systems
  • * Solid hands-on technical background particularly in managing highly complex, multi-platform web applications.


If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at and explore our company benefits at

Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.

Salesforce welcomes all.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

For California-based roles, the base salary hiring range for this position is $223,000 to $372,900.

Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, benefits. More details about our company benefits can be found at the following link: