Your work days are brighter here.
We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you’ll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We’re in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you’ll do meaningful work with Workmates who’ve got your back. In return, we’ll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you’ve found a match in Workday, and we hope to be a match for you too.
About the Team
Be a part of something big.
About the Role
Our Go-To-Market (GTM) Enterprise Applications team is currently looking for an experienced Senior Security Engineer to join our dynamic Salesforce Platform team.
As a Senior Security Engineer for Salesforce Platform, you will lead the technical hardening of the platform by operationalizing SAST/DAST programs and embedding security guardrails directly into DevSecOps pipelines. You’ll be responsible for conducting deep-dive reviews of Apex and LWC code, architecting secure integrations via OAuth/SSO, and enforcing least-privilege access across complex multi-org environments. By bridging the gap between security and engineering, you will drive threat modeling, mentor developers on secure design patterns, and coordinate the end-to-end remediation of platform vulnerabilities.
Job Description
Platform Hardening & DevSecOps: Drive the technical security of Salesforce by operationalizing SAST/DAST tools and embedding automated security guardrails directly into CI/CD pipelines.
Technical Security Reviews: Perform deep-dive security assessments of Apex code, Lightning Web Components (LWC), and custom configurations to identify and mitigate vulnerabilities.
Identity & Integration Security: Implement secure integrations using OAuth/SSO and enforce least-privilege access and data protection standards across multi-org environments.
Vulnerability Remediation: Execute threat modeling for high-risk features and partner directly with developers to provide technical guidance and verify the remediation of identified risks.
Responsibilities:
Platform Hardening & Security Architecture
Implement end-to-end security configurations for Salesforce platforms, including enterprise customizations and multi-org environments.
Apply Salesforce security standards and reference architectures aligned with the enterprise security strategy.
Conduct technical security design reviews for complex implementations, integrations, and platform transformations.
Assess platform risk posture and provide technical recommendations for remediation strategies.
Application Security & Vulnerability Management
Operationalize and maintain SAST/DAST programs for Apex, Lightning Web Components (LWC), Visualforce, APIs, and metadata.
Execute the vulnerability management lifecycle: detection, triage, risk scoring, and technical verification of fixes.
Perform deep-dive security code reviews of custom Apex, managed packages, and complex platform configurations.
Perform threat modeling for high-risk features and integrations; implement compensating controls where required.
Support penetration testing efforts and perform the hands-on coordination of remediation across engineering teams.
Secure Customization & DevSecOps
Develop and document secure development standards for Apex, LWC, and platform configurations.
Integrate security controls and automated scanning into CI/CD pipelines and release governance.
Provide technical guidance to developers and admins on secure design patterns and remediation techniques.
Review and provide security clearance for critical releases and architectural changes.
Integration & Identity Security
Configure and review secure integrations using REST/SOAP, OAuth 2.0, SSO, and external identity providers (IdP).
Enforce least-privilege access, secure token handling, encryption, and key management practices.
Technically evaluate third-party AppExchange integrations for security vulnerabilities prior to installation.
Implement data protection mechanisms for sensitive and regulated data across storage and data flows.
Monitoring & Incident Support
Configure monitoring strategies using Salesforce Event Monitoring, Shield, and anomaly detection telemetry.
Perform periodic access reviews, security posture assessments, and technical audit readiness activities.
Support incident response and forensics activities specifically related to Salesforce environments.
About You
Basic Qualifications:
Specialized Expertise: Minimum of 7+ years of direct, hands-on experience in Security Engineering for large-scale Salesforce Enterprise Software Applications.
Incident & Vendor Management: Proven track record of hands-on security incident response, including technical investigation and coordination with third-party vendors and cross-functional engineering teams.
Platform Security Mastery: Deep technical knowledge of the Salesforce security model, including advanced Sharing Rules, Permission Sets/Groups, Salesforce Shield, and Event Monitoring.
Technical Qualifications
Expertise: Deep knowledge of the Salesforce security model (Sharing Rules, Permission Sets, Shield, Event Monitoring).
Coding: Hands-on experience securing and debugging Apex, LWC, and Salesforce APIs.
Tools: Proficiency with AppSec testing methodologies (SAST/DAST) and CI/CD integration tools (e.g., Checkmarx, DigitSec, Copado).
Identity: Strong understanding of IAM, OAuth flows, and encryption standards.
Certs: Salesforce Security Specialist, Platform Developer I/II, or GIAC/OSCP preferred.
Our Approach to Flexible Work
With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.
At Workday, we are committed to providing an accessible and inclusive hiring experience where all candidates can fully demonstrate their skills. If you require assistance or an accommodation at any point, please email accommodations@workday.com.
Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!
At Workday, we value our candidates’ privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.
Please be aware of sites that may ask you to input your data in connection with a job posting that appears to be from Workday but is not.
In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.