Mobile Security Engineer - Product Security

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts. Job Category Product Job Details About Salesforce Salesforce is the #1 AI CRM, where humans with agents drive customer success together.

Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce. The Experience The Product Security team is seeking a Mobile Security Engineer who will own the security posture of Salesforce's mobile application portfolio — spanning many distinct apps and mobile Software Development Kits (SDKs) across iOS and Android for nearly every Cloud and acquisition.

You'll be the dedicated technical owner for mobile application security testing, vendor-managed mobile scanning platforms, and security design reviews for mobile features, working at the intersection of mobile platform security and product engineering.

Your work will directly protect the apps that millions of customers interact with daily, from the Salesforce flagship app to Tableau Mobile, Field Service, Trailhead, and Mobile Publisher. Join a team committed to ensuring every mobile release ships with validated security controls and that runtime protection, authentication flows, and binary hardening meet the highest standards.

What You'll Actually Be Doing Perform manual and automated security assessments of iOS and Android applications, including binary reverse engineering, dynamic instrumentation, authenticated scanning, and review of OAuth/PKCE flows, certificate pinning implementations, and jailbreak/root detection controls.

Operate and expand the mobile scanning platform across the mobile app portfolio, manage pre-production Continuous Integration/Continuous Delivery (CI/CD) pipeline integration, configure scanning rulesets, triage findings, and coordinate quarterly with external penetration testing vendors.

Conduct secure code reviews across Swift, Kotlin, Java, and React Native mobile codebases, embed security controls in mobile SDKs and feature development, and lead threat modeling sessions for mobile-specific attack surfaces including on-device AI, app attestation, and deep linking.

Provide mobile security guidance to engineering teams across all Clouds, translate mobile findings into actionable remediation, respond to customer compliance questionnaires, and serve as the mobile security subject-matter expert for release planning and incident response.

Build and ship high-quality, production-grade security tooling and automation using modern engineering practices, with AI as a core part of your development workflow — pushing the boundaries of AI development tools to deliver secure, optimized, and high-quality code.

Design and orchestrate complex systems where AI agents integrate seamlessly into security workflows, driving efficiency and innovation at scale. Contribute to building and maintaining shared system context — an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.

Critically evaluate code (human- or AI-generated) for correctness, quality, security, and performance. You're Our Person If... You have 2+ years in application security, mobile security testing, or mobile development with demonstrated knowledge of iOS and Android platform security models, the Open Web Application Security Project (OWASP) Mobile Top 10, and common mobile vulnerability classes.

You have hands-on experience with the mobile platform toolchain (Xcode/Android Studio) Familiarity with security testing tools such as Frida, NowSecure, objection, MobSF, Burp Suite, or commercial mobile Static/Dynamic Application Security Testing (SAST/DAST) platforms.

You have an understanding of mobile authentication patterns (OAuth 2.0, PKCE, SAML), runtime protection mechanisms (code obfuscation, anti-hooking, anti-tampering), and app store ecosystem security considerations for both Apple and Google Play.

You have strong communication skills with the ability to explain mobile-specific risks to engineering partners who may not have mobile security context. You bring a demonstrated, genuine AI-first approach to engineering — using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty.

You have experience using AI tools (e.g., Claude Code, GitHub Copilot, Codex, Cursor, etc.) in development workflows. You have advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production-ready.

A related technical degree required. Even Better If... You have experience evaluating mobile runtime protection tools such as Promon, DexGuard, or similar Runtime Application Self-Protection (RASP) solutions on jailbroken or rooted devices.

You hold mobile-focused security certifications such as GIAC Mobile Device Security Analyst (GMOB), or general offensive certifications such as Offensive Security Certified Professional (OSCP) or Offensive Security Web Expert (OSWE) with demonstrated mobile testing experience.

You have active participation in mobile bug bounty programs (HackerOne, Bugcrowd), published mobile security research, Common Vulnerabilities and Exposures (CVE) disclosures, or contributions to open-source mobile security tools. You have experience with mobile CI/CD pipelines, automated binary scanning integration, or familiarity with the Salesforce ecosystem and applying AI tools such as Claude, Cursor, or Gemini for security assessments.

Unleash Your Potential When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best , and our AI agents accelerate your impact so you can do your best . Together, we’ll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love.

Apply today to not only shape the future — but to redefine what’s possible — for yourself, for AI, and the world. Accommodations If you need a reasonable accommodation during the application or the recruiting process, please submit a request via this Accommodations Request Form .

Please note that Salesforce uses artificial intelligence (AI) tools to help our recruiters assess and evaluate candidates’ resumes and qualifications throughout the recruiting process. Humans will always make any candidate selection and hiring decisions.

Please see our Candidate Privacy Statement for more information about how we use your personal data and your rights, including with regard to use of AI tools and opt out options. Posting Statement Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment.

What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that’s inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal.

Any employee or potential employee will be assessed on the basis of merit, competence and qualifications – without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law.

This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between.

Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education. In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience.

Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program.

More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

At Salesforce, we believe in equitable compensation practices that reflect the dynamic nature of labor markets across various regions.

The typical base salary range for this position is $117,200 - $176,700 annually. In select cities within the San Francisco and New York City metropolitan area, the base salary range for this role is $141,200 - $194,200 annually.

The range represents base salary only, and does not include company bonus, incentive for sales roles, equity or benefits, as applicable.