Salesforce Security Analyst / Penetration Tester - S S
Cigres Technologies
Posted on: February 27, 2026
Required Skills:
• Penetration Testing
• OWASP Top 10
• Web API Testing
• SAST DAST Tools
• Salesforce Security
• OAuth 2.0
• JWT
Nice to Have:
Security Analyst / Penetration Tester
Experience: 2–4 years
Looking for a Penetration Tester with 2–4 years of experience in application security and secure SDLC practices. The role involves working with Salesforce engineering, QA, and platform teams to identify, validate, and remediate vulnerabilities across Salesforce applications, integrations, APIs, and CI/CD pipelines.
Key Responsibilities:
• Perform manual and automated penetration testing for Salesforce apps, Apex, Lightning, APIs, and integrations.
• Conduct SAST and DAST using tools like Checkmarx, CodeScan, SonarQube, BurpSuite, OWASP ZAP, etc.
• Validate vulnerabilities, create proof-of-concept exploits, and guide remediation.
• Integrate security controls into CI/CD and participate in Sprint-level security reviews.
• Contribute to SDL tasks: risk assessments, DFDs, threat modelling (STRIDE), and requirement reviews.
• Track and manage vulnerabilities in JIRA, generate reports, KPIs, and dashboards.
• Review Salesforce security configurations (object/field security, profiles, sharing, connected apps, API security) and support platform hardening.
• Conduct knowledge-sharing sessions and present findings.
• Use AI tools for intelligent vulnerability detection, code analysis, automation, and research.
Skills (2–4 Years):
• Strong understanding of OWASP Top 10, SANS CWE, and core app security concepts.
• Experience in web and API pentesting, authentication, authorization, session and data security.
• Basic–intermediate Salesforce security knowledge (Apex, SOQL, Lightning, integrations).
• Familiarity with SAST/DAST tools, Python/Bash/PowerShell scripting, JSON/XML, OAuth 2.0, JWT, SAML.
• Experience with AI-assisted security tools and prompt-based analysis.
Soft Skills:
• Strong communication, collaboration, and presentation abilities.
• Certifications such as CEH, Security+, eJPT/eWPT, OSCP, CRTP, or Salesforce Security/Admin (optional).
Qualification: Any bachelor's degree
Experience (in years): 6
Skill Set Required: Salesforce QA
About Company
Cigres Technologies
Karnataka, IN
https://www.cigres.com