To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category
Products and Technology

Job Details

Platform Engineering (PE) is responsible for deploying secure infrastructure capabilities to 60,000+ Salesforce employees and business partners. We are looking for an experienced Sr. Network Security Architect to support our business objectives. This role owns the lifecycle of the network security domain for Business Technology (BT).

The successful candidate will bring deep, cross-functional leadership, strong experience in strategic planning and thinking, and be a technology visionary. This role will drive architecture design packages for network security, review and approve engineering design packages, and ensure proper oversight for quality assurance of engineering artifacts such as high-level and low-level designs. They will provide guidance to network engineering, build and mentor the operations teams throughout the design, build, and deployment phases reinforcing adherence to architectural standards and principles. They will minimize technical exposure and business risk by focusing on global security, audit, compliance, and service resiliency, and have the demonstrated ability to understand complex Business Technology environments.

Responsibilities

• Partner with Enterprise Architects, Product Owners, Product Managers, and other Solution Architects to align on strategic direction, translate business requirements into the network security framework and participate in planning a roadmap that will realize the framework.
• Develop overall vision, strategy, roadmap, and operational guidance for the network security domain, with a focus on meeting demands of rapidly growing and scaling global services.
• Research next generation technologies by conducting RFI, RFP, and POCs.
• Resolve architecture issues and provide improved design methodologies.
• Provide thought leadership in the network security architecture space, leading efforts to define, advocate for, select, and ultimately deliver the Salesforce BT next generation network architectures.
• Provide governance and oversight of all network security domain documentation and decisions to include architecture, roadmaps and standards.
• Mentor, coach and develop principal, lead, senior and mid-level network engineers
• Perform an annual update of the vision, values, methods, obstacles, and measures (V2MOM) for the network security domain.

Required skills/experience

• 7+ years direct experience required in the management and administration of highly-available network infrastructure - routers, switches, load balancers, SSL acceleration technology, etc.
• 5+ years of experience in global, production-scale infrastructure delivering multiple 9s of availability over an infrastructure comprising thousands of devices.
• Strong understanding of secure network architectures, including Zero Trust.
• Expertise in Single Sign-On (SSO) identity management systems using PKI (Public Key Infrastructure) and Certification Authorities (CA).
• Knowledge of and/or hands on experience with identity solutions and protocols (Ping/Okta/Sailpoint) and (SAML/OIDC/OAuth2).
• Expertise in network design and support of public cloud infrastructure: AWS, Azure, GCP.
• Solid understanding of security protocols, cryptography, authentication, authorization and security best-practices.
• Strong functional knowledge of network protocols for routing and access, including but not limited to: TCP/IP, IPv6, BGP, IS-IS, MPLS, LDP, RSVP, Qos/CoS, OSPF, Traffic Engineering, and layer 2 protocols (Spanning Tree, RPVST+/VSTP, LACP, LISP and 802.1q).
• Experience developing global, multi-site, resilient, self-healing network architectures and disaster recovery plans.
• Understanding of peering policies vs. transit policies and the ability to develop global transport, peering, and transit policies and network management techniques.
• Strong functional knowledge of SD-WAN solutions and micro-segmentation.
• Understanding the current state of the Internet's network major players and quality between vendors.
• Experience architecting and implementing IPv6 with focus on security, including DHCP, DNS and address management.
• Ability to diagnose and resolve routing issues, congestion problems, and hardware and software failures.
• Well-versed with a wide-variety of hardware and software manufacturers, with a high level of comfort and experience in mixed vendor environments.
• Strong familiarity with the state of network technology, and well-versed in virtualization, SDN, and similar constructs.
• Proven expertise and ability developing next generation infrastructure, including requirements specification, vendor evaluation and selection, data driven POCs, load testing, automated test suites, vendor interoperability, pilot deployments, and iterative design.
• Deep understanding of security concepts and putting those concepts into practice in a network environment. Firewall, IDS, DDoS, etc. experience strongly preferred.
• Experience in network automation and configuration management (e.g., Ansible, Terraform, Netmiko/Napalm, GitHub, CI/CD).
• Experience forecasting, budgeting, and cost modeling to meet business, financial, and technical requirements in a coherent package.
• Strategic planning and design thinking.
• Excellent communication and interpersonal skills, ability to interface with internal customers and establish strong, collaborative partnerships with engineers, non-technical stakeholders, and executives.

Desired skills/experience

• A self-starter who inspires others with their work ethic and drive.
• The ability to mentor, foster and instill architectural and engineering principles, skills, and practices.
• Detail oriented and highly motivated with the ability to work in a collaborative environment.
• Experience with ITIL, ITSM, TOGAF, AWS Well Architected, or other similar frameworks.
• Experience working in Agile / Devops organization.
• Experience with Software Development Life Cycle (SDLC).
• Professional certifications such as CISSP and/or CCIE Security certification is preferred.

This role is Office-Flex (~1-3 days/wk in office) or Fully Remote

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.

Salesforce welcomes all.

As a federal contractor, Salesforce is required to verify that all US-based employees are fully vaccinated against COVID-19. If you receive an offer and are unable to get vaccinated for religious or medical reasons, you may request a reasonable accommodation.