Salesforce, Inc.

Compensation

Full Description

About the Role • We are seeking a Senior Director of Penetration Testing & AI Exploitation to lead and scale a focused offensive security function dedicated to deep technical penetration testing and advanced AI/ML exploitation across our products and platforms. • This role owns the strategy, execution, and evolution of manual, research-driven penetration testing and AI-specific attack discovery, ensuring high-risk vulnerabilities are identified early, validated rigorously, and translated into clear, actionable remediation guidance for engineering teams. • The mandate is depth over breadth: fewer assessments, higher quality findings, and meaningful reduction of systemic risk—especially in AI-powered and data-driven systems. Key Responsibilities • Penetration Testing Leadership • Own and execute the global penetration testing strategy across applications, APIs, cloud services, and shared platforms. • Drive deep, manual, and white-box testing for high-risk products, features, and architectural changes. • Ensure penetration testing goes beyond checklists, focusing on real exploitability and impact. • Establish standardized scoping, rules of engagement, reporting quality, and validation practices. • AI Exploitation & Security Research • Lead AI/ML exploitation efforts, focusing on vulnerabilities in: • LLM-powered features and agents • Prompt injection, indirect prompt abuse, and tool misuse • Model data leakage, training data exposure, and inference-time attacks • Authorization, trust-boundary, and privilege escalation flaws in AI workflows • Drive original offensive research into emerging AI attack techniques and publish internal research artifacts to guide engineering defenses. • Partner with AI platform and product teams to influence secure-by-design patterns for AI systems. • Program Execution & Quality • Ensure all findings are: • Reproducible and technically validated • Clearly prioritized by risk and exploitability • Accompanied by precise remediation guidance, including short- and long-term fixes for systemic issues • Track remediation progress and validate fixes for high-risk findings. • Organizational Leadership • Build and lead a high-caliber team of senior penetration testers and AI security researchers. • Define role expectations, technical bars, and career progression for pentest and AI exploitation specialists. • Own hiring strategy, vendor augmentation (where appropriate), and budget for the function. • Cross-Functional Partnership • Partner closely with: • Product Security and Engineering teams during design, pre-GA, and major architectural shifts • Platform and AI infrastructure teams to assess shared services and foundational components • Provide expert guidance to leadership on pentest risk, AI exploitation trends, and systemic exposure. Required Qualifications • 12+ years of experience in penetration testing, offensive security, or vulnerability research, including leadership of senior technical teams. • Deep hands-on expertise in: • Application, API, cloud, and platform security • Advanced exploit chains and logic flaws • Demonstrated experience testing or attacking AI/ML systems, LLM-based features, or data pipelines. • Strong ability to translate complex technical findings into clear engineering actions and leadership narratives. Preferred Qualifications • Background in vulnerability discovery or offensive security research. • Experience assessing AI agents, autonomous workflows, or model-integrated products. • Experience integrating automation or AI-assisted techniques into penetration testing workflows. • Security research publications, talks, or tooling contributions (internal or external).