Senior Security Engineer Salesforce Platform

Your work days are brighter here.

Were obsessed with making hard work pay off for our people our customers and the world around us. As a Fortune 500 company and a leading AI platform for managing people money and agents were shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join youll feel it. Not just in the products we build but in how we show up for each other. Our culture is rooted in integrity empathy and shared enthusiasm. Were in this together tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether youre building smarter solutions supporting customers or creating a space where everyone belongs youll do meaningful work with Workmates whove got your return well give you the trust to take risks the tools to grow the skills to develop and the support of a company invested in you for the long haul. So if you want to inspire a brighter work day for everyone including yourself youve found a match in Workday and we hope to be a match for you too.

About the Team

About the Role

Our Go-To-Market (GTM) Enterprise Applications team is currently looking for a experienced Senior Security Engineer to join our dynamic Salesforce Platform team.

As a Senior Security Engineer for Salesforce Platform you will lead the technical hardening of the platform by operationalizing SAST/DAST programs and embedding security guardrails directly into DevSecOps pipelines. Youll be responsible for conducting deep-dive reviews of Apex and LWC code architecting secure integrations via OAuth/SSO and enforcing least-privilege access across complex multi-org environments. By bridging the gap between security and engineering you will drive threat modeling mentor developers on secure design patterns and coordinate the end-to-end remediation of platform vulnerabilities.

Job Description

• Platform Hardening & DevSecOps: Drive the technical security of Salesforce by operationalizing SAST/DAST tools and embedding automated security guardrails directly into CI/CD pipelines.

• Technical Security Reviews: Perform deep-dive security assessments of Apex code Lightning Web Components (LWC) and custom configurations to identify and mitigate vulnerabilities.

• Identity & Integration Security: Implement secure integrations using OAuth/SSO and enforce least-privilege access and data protection standards across multi-org environments.

• Vulnerability Remediation: Execute threat modeling for high-risk features and partner directly with developers to provide technical guidance and verify the remediation of identified risks.

Responsibilities:

Platform Hardening & Security Architecture

• Implement end-to-end security configurations for Salesforce platforms including enterprise customizations and multi-org environments.

• Apply Salesforce security standards and reference architectures aligned with the enterprise security strategy.

• Conduct technical security design reviews for complex implementations integrations and platform transformations.

• Assess platform risk posture and provide technical recommendations for remediation strategies.

Application Security & Vulnerability Management

• Operationalize and maintain SAST/DAST programs for Apex Lightning Web Components (LWC) Visualforce APIs and metadata.

• Execute the vulnerability management lifecycle: detection triage risk scoring and technical verification of fixes.

• Perform deep-dive security code reviews of custom Apex managed packages and complex platform configurations.

• Perform threat modeling for high-risk features and integrations; implement compensating controls where required.

• Support penetration testing efforts and perform the hands-on coordination of remediation across engineering teams.

Secure Customization & DevSecOps

• Develop and document secure development standards for Apex LWC and platform configurations.

• Integrate security controls and automated scanning into CI/CD pipelines and release governance.

• Provide technical guidance to developers and admins on secure design patterns and remediation techniques.

• Review and provide security clearance for critical releases and architectural changes.

Integration & Identity Security

• Configure and review secure integrations using REST/SOAP OAuth 2.0 SSO and external identity providers (IdP).

• Enforce least-privilege access secure token handling encryption and key management practices.

• Technically evaluate third-party AppExchange integrations for security vulnerabilities prior to installation.

• Implement data protection mechanisms for sensitive and regulated data across storage and data flows.

Monitoring & Incident Support

• Configure monitoring strategies using Salesforce Event Monitoring Shield and anomaly detection telemetry.

• Perform periodic access reviews security posture assessments and technical audit readiness activities.

• Support incident response and forensics activities specifically related to Salesforce environments.

About You

Basic Qualifications:

• Education & Experience: Bachelors degree in Computer Science Cybersecurity or a related field with 10 years of professional experience within the Salesforce ecosystem.

• Specialized Expertise: Minimum of 7 years of direct hands-on experience in Security Engineering for large-scale Salesforce Enterprise Software Applications.

• Incident & Vendor Management: Proven track record of hands-on security incident response including technical investigation and coordination with third-party vendors and cross-functional engineering teams.

• Platform Security Mastery: Deep technical knowledge of the Salesforce security model including advanced Sharing Rules Permission Sets/Groups Salesforce Shield and Event Monitoring.

Technical Qualifications

• Expertise: Deep knowledge of the Salesforce security model (Sharing Rules Permission Sets Shield Event Monitoring).

• Coding: Hands-on experience securing and debugging Apex LWC and Salesforce APIs.

• Tools: Proficiency with AppSec testing methodologies (SAST/DAST) and CI/CD integration tools (e.g. Checkmarx DigitSec Copado).

• Identity: Strong understanding of IAM OAuth flows and encryption standards.

• Certs: Salesforce Security Specialist Platform Developer I/II or GIAC/OSCP preferred.

Our Approach to Flexible Work

With Flex Work were combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections maintain a strong community and do their best work. We know that flexibility can take shape in many ways so rather than a number of required days in-office each week we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers prospects and partners (depending on role). This means youll have the freedom to create a flexible schedule that caters to your business team and personal needs while being intentional to make the most of time spent together. Those in our remote home office roles also have the opportunity to come together in our offices for important moments that matter.

At Workday we are committed to providing an accessible and inclusive hiring experience where all candidates can fully demonstrate their skills. If you require assistance or an accommodation at any point please email .

Are you being referred to one of our roles If so ask your connection at Workday about our Employee Referral process!

At Workday we value our candidates privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.

Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.

In addition Workday will never ask candidates to pay a recruiting fee or pay for consulting or coaching services in order to apply for a job at Workday.