Mobile Security Engineer - Product Security

Salesforce.com, Inc.
Seattle, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
$ 177K

Job location

Seattle, United States of America

Tech stack

Clean Code Principles
Java
Artificial Intelligence
Android
Android Studio
iOS
Xcode
Software System Penetration Testing
App Store (IOS)
Burp Suite
Mobile Application Development
Cloud Computing
Continuous Delivery
Continuous Integration
Cursor (Graphical User Interface Elements)
Mobile Application Software
OAuth
Open Source Technology
Open Web Application Security
Software Tools
Reverse Engineering
Salesforce
Security Assertion Markup Language (SAML)
Secure Coding
Mobile Security
Tableau
Toolchain
GitHub Copilot
Prompt Engineering
Software Security
Swift
Kotlin
Enterprise Integration
React Native
Google Play
Static Application Security Testing
Dynamic Application Security Testing

Job description

The Product Security team is seeking a Mobile Security Engineer who will own the security posture of Salesforce's mobile application portfolio - spanning many distinct apps and mobile Software Development Kits (SDKs) across iOS and Android for nearly every Cloud and acquisition. You'll be the dedicated technical owner for mobile application security testing, vendor-managed mobile scanning platforms, and security design reviews for mobile features, working at the intersection of mobile platform security and product engineering. Your work will directly protect the apps that millions of customers interact with daily, from the Salesforce flagship app to Tableau Mobile, Field Service, Trailhead, and Mobile Publisher. Join a team committed to ensuring every mobile release ships with validated security controls and that runtime protection, authentication flows, and binary hardening meet the highest standards.

What You'll Actually Be Doing

  • Perform manual and automated security assessments of iOS and Android applications, including binary reverse engineering, dynamic instrumentation, authenticated scanning, and review of OAuth/PKCE flows, certificate pinning implementations, and jailbreak/root detection controls.
  • Operate and expand the mobile scanning platform across the mobile app portfolio, manage pre-production Continuous Integration/Continuous Delivery (CI/CD) pipeline integration, configure scanning rulesets, triage findings, and coordinate quarterly with external penetration testing vendors.
  • Conduct secure code reviews across Swift, Kotlin, Java, and React Native mobile codebases, embed security controls in mobile SDKs and feature development, and lead threat modeling sessions for mobile-specific attack surfaces including on-device AI, app attestation, and deep linking.
  • Provide mobile security guidance to engineering teams across all Clouds, translate mobile findings into actionable remediation, respond to customer compliance questionnaires, and serve as the mobile security subject-matter expert for release planning and incident response.
  • Build and ship high-quality, production-grade security tooling and automation using modern engineering practices, with AI as a core part of your development workflow - pushing the boundaries of AI development tools to deliver secure, optimized, and high-quality code.
  • Design and orchestrate complex systems where AI agents integrate seamlessly into security workflows, driving efficiency and innovation at scale.
  • Contribute to building and maintaining shared system context - an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably. Critically evaluate code (human- or AI-generated) for correctness, quality, security, and performance.

Requirements

  • You have 2+ years in application security, mobile security testing, or mobile development with demonstrated knowledge of iOS and Android platform security models, the Open Web Application Security Project (OWASP) Mobile Top 10, and common mobile vulnerability classes.
  • You have hands-on experience with the mobile platform toolchain (Xcode/Android Studio).
  • Familiarity with security testing tools such as Frida, NowSecure, objection, MobSF, Burp Suite, or commercial mobile Static/Dynamic Application Security Testing (SAST/DAST) platforms.
  • You have an understanding of mobile authentication patterns (OAuth 2.0, PKCE, SAML), runtime protection mechanisms (code obfuscation, anti-hooking, anti-tampering), and app store ecosystem security considerations for both Apple and Google Play.
  • You have strong communication skills with the ability to explain mobile-specific risks to engineering partners who may not have mobile security context.
  • You bring a demonstrated, genuine AI-first approach to engineering - using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty.
  • You have experience using AI tools (e.g., Claude Code, GitHub Copilot, Codex, Cursor, etc.) in development workflows.
  • You have advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production-ready.
  • A related technical degree required.

Even Better If...

  • You have experience evaluating mobile runtime protection tools such as Promon, DexGuard, or similar Runtime Application Self-Protection (RASP) solutions on jailbroken or rooted devices.
  • You hold mobile-focused security certifications such as GIAC Mobile Device Security Analyst (GMOB), or general offensive certifications such as Offensive Security Certified Professional (OSCP) or Offensive Security Web Expert (OSWE) with demonstrated mobile testing experience.
  • You have active participation in mobile bug bounty programs (HackerOne, Bugcrowd), published mobile security research, Common Vulnerabilities and Exposures (CVE) disclosures, or contributions to open-source mobile security tools.
  • You have experience with mobile CI/CD pipelines, automated binary scanning integration, or familiarity with the Salesforce ecosystem and applying AI tools such as Claude, Cursor, or Gemini for security assessments.

Benefits & conditions

benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.

In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com. Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

At Salesforce, we believe in equitable compensation practices that reflect the dynamic nature of labor markets across various regions. The typical base salary range for this position is $117,200 - $176,700 annually. In select cities within the San Francisco and New York City metropolitan area, the base salary range for this role is $141,200 - $194,200 annually. The range represents base salary only, and does not include company bonus, incentive for sales roles, equity or benefits, as applicable.

About the company

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all. Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce. Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion
