
Salesforce Security Officer

eSimplicity, Columbia, MD, April 12th, 2026
Salesforce Security Engineer and System Security Officer (SSO)

eSimplicity is a modern digital services company that works across government, partnering with clients to improve the lives and ensure the security of all Americans, from soldiers and veterans to kids and the elderly, and to defend national interests on the battlefield. Our engineers, designers, and strategists cut through complexity to create intuitive products and services that equip federal agencies with solutions to courageously transform today for a better tomorrow for all Americans.

We are seeking a Salesforce Security Engineer and System Security Officer (SSO) with a proven balance of technical security engineering and governance/compliance expertise, responsible for providing security support services while meeting security compliance requirements for a portfolio of systems at various stages of maturity and modernization. The SSO works inside a DevSecOps / SAFe Agile delivery framework and must operate inside an Agile Release Train (ART) alongside DevSecOps engineers, Product Owners, and Engineers. The role is embedded, constantly aligning security with Agile delivery rather than sitting in a detached compliance silo. The SSO is a mix of DevSecOps engineer, security governance lead, and Security Product Owner/Scrum Master, responsible and accountable for end-to-end ownership of security processes, from design through continuous operation and improvement, across Salesforce GovCloud and AWS environments. Capabilities include, but are not limited to, the following:

- Embrace SSO-to-SAFe Agile responsibilities, acting as a Security Product Owner/Scrum Master within Agile ceremonies and ensuring security backlog items are identified, refined, and prioritized alongside feature delivery.
- Act as the Technical Salesforce Security SME for federal government programs, responsible for designing, implementing, and enforcing security controls across Salesforce Government Cloud (Experience Cloud, Health Cloud) environments.
- Act as the hands-on security engineering/technical lead, governance champion, and subject matter expert, directing technical remediation while actively responding to and maintaining all Authorization to Operate (ATO) requirements.
- Serve as the primary liaison for incident response, security inquiries, and compliance reporting to the agency and stakeholders.
- Create communication channels that provide timely and accurate responses to security-related data calls (system security and compliance status, vulnerability and compliance scanning issues).
- Manage coordination of and response to agency security-related inquiries, compliance with agency policies, implementation of security controls, and maintenance of security documentation and artifacts.
- Provide subject matter expertise throughout the system development lifecycle and interface with multiple stakeholders through multiple touchpoints weekly.
- Lead Security Impact Analyses (SIAs), integrate automated security validation into CI/CD pipelines, and ensure tools are configured and tuned for maximum effectiveness.
- Drive continuous improvement and automation of security processes, including access control, vulnerability management, and compliance validation; continuously monitor the cybersecurity posture of systems against cyber threats; and provide security governance, architectural guidance, and enforcement of security controls across the Salesforce and AWS ecosystem.
- Direct how security tools, cloud services, and guardrails are implemented by our DevSecOps engineering teams, and take ownership of communicating and visualizing security issues, especially where coordination between product teams, information owners, engineering, and infrastructure staff is necessary for remediation.
- Manage end-to-end onboarding/offboarding lifecycle processes, ensuring timely provisioning, least-privilege access enforcement, privileged account management, and periodic reviews.
- Build and maintain dashboards and reporting solutions that give leadership and teams visibility into risk, vulnerabilities, and compliance status.

Responsibilities:

- Lead Salesforce security reviews for new features and integrations, validating object-level, field-level, and record-level access, sharing behaviors, and APIs before production releases.
- Design and govern Salesforce access models using Profiles, Permission Sets, Permission Set Groups, Roles, Sharing Rules, and Delegated Administration, ensuring least privilege and separation of duties.
- Manage the end-to-end vulnerability management lifecycle from detection to remediation and reporting.
- Drive identification of new attack vectors and implement automation-driven improvements; configure and operate security tools (Snyk, AppOmni, Tenable, Invicti, Splunk, SecurityHub) to ensure findings are triaged, prioritized, and remediated.
- Champion the integration of automated security testing into the CI/CD pipeline to align with continuous delivery practices.
- Integrate security controls into CI/CD pipelines (GitHub Actions, Jenkins, Copado, Terraform, Kubernetes).
- Build and maintain dashboards in Splunk, Jira, or equivalent tools to report on vulnerabilities, compliance, access reviews, and system posture.
- Lead Security Impact Analyses (SIAs) for proposed changes and facilitate the SIA process within the Agile cadence, ensuring change reviews do not block delivery but still meet compliance.
- Lead incident response activities from detection through remediation and post-mortem review; conduct log reviews (Splunk) to monitor systems for breaches, and ensure detection and alerting rules are tuned.
- Define, enforce, and lead least-privilege access models for Salesforce, CI/CD pipelines, AWS, and infrastructure.
- Manage the end-to-end user lifecycle: onboarding, offboarding, least-privilege enforcement, privileged access reviews, and IAM guardrail enforcement.
- Automate identity and access workflows wherever possible and integrate continuous access reviews with reporting dashboards.
- Develop automation (Python, Bash, PowerShell, APIs) for onboarding, compliance validation, and recurring security tasks.
- Lead compliance interactions as the primary liaison for agency data calls, reviews, and audits; maintain and update all ATO documentation (SSPs, POA&Ms, IRPs, CMPs, PIAs, contingency plans); facilitate tabletop exercises and ensure lessons learned are implemented.
- Participate in SAFe Agile Program Increment (PI) Planning, architecture reviews, sprint planning, and backlog refinement to embed security throughout the SDLC, providing input on security guardrails, dependencies, and risks that may impact delivery commitments.
- Clearly communicate security requirements to technical and non-technical audiences.
- Drive the reengineering of processes for efficiency and visibility, ensuring leaders and engineers have actionable data.
- Define and manage security enablers in the program backlog to ensure that the architectural runway includes continuous security improvements.
- Collaborate with Release Train Engineers (RTEs) to track security risks, impediments, and dependencies across teams; work directly with Scrum Masters and Product Owners to ensure user stories include clear security acceptance criteria; ensure security features and enablers are represented in the Definition of Done (DoD) across all product teams.
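The Salesforce security review item above (validating object-, field- and record-level access before a production release) and the automation item (Python scripts for compliance validation) describe the same kind of pre-release gate. As an added example that is not eSimplicity's or Salesforce's code, the Python script below parses a Permission Set in the Salesforce Metadata API XML format (the same element names, userPermissions, objectPermissions and fieldPermissions, appear in Profile metadata) and flags grants that undermine least privilege: system permissions such as ModifyAllData, per-object "view all"/"modify all" flags that bypass sharing rules, delete rights, and access to sensitive fields. The embedded sample permission set is constructed for illustration; the high-risk permission list, the sensitive-field name pattern, and the field Contact.SSN__c are assumptions, not a program's actual classification.

```python
"""Pre-release least-privilege check over Salesforce Permission Set / Profile metadata.

Added example, not eSimplicity's or Salesforce's code. The sample XML, the
high-risk permission list and the sensitive-field pattern are assumptions.
"""
import re
import xml.etree.ElementTree as ET

NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}

# System permissions that bypass the sharing model or allow privilege escalation.
# Assumed starting list for review; a program would tune it to its own policy.
HIGH_RISK_USER_PERMS = {
    "ModifyAllData", "ViewAllData", "ManageUsers", "AuthorApex",
    "ModifyMetadata", "CustomizeApplication", "ManageSharing",
    "PasswordNeverExpires",
}

# Fields treated as sensitive by name (assumption for this example).
SENSITIVE_FIELD_RE = re.compile(r"(SSN|Social|DOB|BirthDate|Medicaid|Medicare|Diagnosis)", re.I)

# Constructed sample: a support-agent permission set with several over-grants.
SAMPLE_PERMISSION_SET = """<?xml version="1.0" encoding="UTF-8"?>
<PermissionSet xmlns="http://soap.sforce.com/2006/04/metadata">
    <label>Support Agent (constructed sample)</label>
    <objectPermissions>
        <allowCreate>true</allowCreate>
        <allowDelete>true</allowDelete>
        <allowEdit>true</allowEdit>
        <allowRead>true</allowRead>
        <modifyAllRecords>false</modifyAllRecords>
        <object>Case</object>
        <viewAllRecords>true</viewAllRecords>
    </objectPermissions>
    <fieldPermissions>
        <editable>false</editable>
        <field>Contact.SSN__c</field>
        <readable>true</readable>
    </fieldPermissions>
    <userPermissions><enabled>true</enabled><name>ModifyAllData</name></userPermissions>
    <userPermissions><enabled>true</enabled><name>ApiEnabled</name></userPermissions>
</PermissionSet>
"""


def _text(el, tag):
    """Text of a namespaced child element, or '' when absent."""
    child = el.find(f"sf:{tag}", NS)
    return child.text.strip() if child is not None and child.text else ""


def _flag(el, tag):
    return _text(el, tag).lower() == "true"


def review_permission_set(xml_text):
    """Return [(severity, message), ...] findings for one Permission Set or Profile."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    findings = []
    # 1. System permissions: org-wide bypasses are flagged regardless of object.
    for up in root.findall("sf:userPermissions", NS):
        name = _text(up, "name")
        if _flag(up, "enabled") and name in HIGH_RISK_USER_PERMS:
            findings.append(("HIGH", f"system permission {name} is enabled"))
    # 2. Object permissions: view/modify-all bypass sharing rules; delete is destructive.
    for op in root.findall("sf:objectPermissions", NS):
        obj = _text(op, "object")
        if _flag(op, "modifyAllRecords"):
            findings.append(("HIGH", f"{obj}: modifyAllRecords bypasses sharing rules"))
        elif _flag(op, "viewAllRecords"):
            findings.append(("MEDIUM", f"{obj}: viewAllRecords bypasses sharing rules"))
        if _flag(op, "allowDelete"):
            findings.append(("MEDIUM", f"{obj}: allowDelete granted"))
    # 3. Field-level security on sensitive fields.
    for fp in root.findall("sf:fieldPermissions", NS):
        field = _text(fp, "field")
        if SENSITIVE_FIELD_RE.search(field):
            if _flag(fp, "editable"):
                findings.append(("HIGH", f"{field}: sensitive field is editable"))
            elif _flag(fp, "readable"):
                findings.append(("MEDIUM", f"{field}: sensitive field is readable"))
    return findings


def release_gate(findings, block_on=("HIGH",)):
    """True if the metadata may ship; False if any finding is at a blocking severity."""
    return not any(sev in block_on for sev, _ in findings)


if __name__ == "__main__":
    results = review_permission_set(SAMPLE_PERMISSION_SET)
    for sev, msg in results:
        print(f"[{sev}] {msg}")
    print("release gate:", "PASS" if release_gate(results) else "BLOCK")
```

Run against retrieved metadata (for example the permissionsets/ and profiles/ directories of a Salesforce DX project) in the pipeline stage that precedes a Copado or CI deployment; a HIGH finding blocks the release until the grant is justified in the SIA or removed, while MEDIUM findings are reported to the access-review dashboard.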
- Mentor product and engineering teams on secure development practices and continuous security; translate and tailor NIST SP 800-53 Rev. 5 and CMS security controls into actionable tasks for DevSecOps teams.
- Educate Agile teams on secure development practices and evolving threat models, ensuring security becomes part of the team culture.
- Review and validate completed user stories and features to confirm security controls have been implemented as designed; continuously measure and report security-related metrics (e.g., backlog burn-down of vulnerabilities, compliance closure rates) during Inspect & Adapt workshops.

Requirements:

- All candidates must pass a public trust clearance through the U.S. Federal Government. This requires candidates to either be U.S. citizens or pass clearance through the Foreign National Government System, which requires that candidates have lived within the United States for at least 3 of the previous 5 years and have a valid, non-expired passport from their country of birth and appropriate visa/work permit documentation.
- A Bachelor's degree in Computer Science, Information Systems, Engineering, Business, or another related scientific or technical discipline; or, in lieu of a degree, 10 years of general information technology experience and at least 8 years of specialized experience may be substituted.
- Deep, practical knowledge of Salesforce security architecture, including Profiles vs. Permission Sets, Permission Set Groups, Sharing Rules, Role Hierarchies, Record-Level Security, and Delegated Administration.
- Experience performing security reviews of Salesforce metadata and application logic, including Apex, Flows, and Experience Cloud configurations.
- Minimum of 8 years of experience implementing security controls and monitoring compliance for systems in accordance with federal system security and privacy regulations.
- Strong understanding of continuous automated security practices applied to data and application engineering teams.
- Demonstrated ability to manage end-to-end security processes, from requirements and configuration through monitoring, reporting, and closure.
- Proven hands-on management of user onboarding and offboarding processes, including provisioning, deprovisioning, least-privilege enforcement, privileged account management, and periodic reviews.
- Experience designing security "baked in" to any architecture: cloud and IaC, applications, web applications, data processing, data-centric applications, AI/ML, CI/CD pipelines; seeks automation-driven designs.
- Demonstrated work experience with computer networking, cryptography, security engineering and