Security Consultant – Salesforce Apex Code Security
Position Overview
Our client is seeking an experienced Security Consultant to support their Salesforce development program.
The client's engineering teams write custom functionality using Apex, and this role is responsible for identifying security vulnerabilities and coding lapses within that codebase, as well as monitoring for intrusion attempts and suspicious activity across the Salesforce environment. The ideal candidate combines strong application security / code review expertise with hands-on experience in security monitoring and intrusion detection.
Key Responsibilities
• Perform security-focused code reviews of custom Apex classes, triggers, and Visualforce/Lightning components to identify vulnerabilities and insecure coding practices.
• Identify and document security lapses such as SOQL/SOSL injection, insecure sharing rule bypasses, CRUD/FLS (Field-Level Security) violations, and improper use of 'without sharing' contexts.
• Review Apex code for adherence to secure coding standards (OWASP guidelines adapted for Salesforce) and Salesforce security best practices.
• Monitor the Salesforce environment for intrusion attempts, anomalous login activity, unauthorized data access, and other security events.
• Configure and tune security monitoring tools/alerts (e.g., Salesforce Shield, Event Monitoring, Transaction Security Policies) to detect suspicious behavior in real time.
• Investigate security incidents and alerts, perform root-cause analysis, and recommend remediation steps to development teams.
• Collaborate with Salesforce developers to remediate identified vulnerabilities and validate fixes prior to release.
• Develop and maintain secure coding guidelines, checklists, and review processes for the Apex development team.
• Support periodic security audits, penetration test coordination, and compliance reviews of the Salesforce platform.
• Provide clear, actionable reports on findings to technical and non-technical stakeholders.
Required Skills & Experience
• Proven experience as a Security Consultant, Application Security Engineer, or similar role with a focus on code security review.
• Hands-on experience reviewing and securing Apex code within the Salesforce platform (Apex classes, triggers, batch jobs, Lightning components).
• Strong understanding of Salesforce security architecture, including sharing rules, profiles, permission sets, FLS, and org-wide defaults.
• Experience with security monitoring and intrusion detection tools and practices.
• Familiarity with Salesforce Shield (Event Monitoring, Field Audit Trail, Platform Encryption) is highly desirable.
• Knowledge of secure coding standards and common vulnerability classes (e.g., OWASP Top 10) as applied to Apex/Salesforce.
• Experience using static/dynamic code analysis tools (e.g., Salesforce Code Analyzer, Checkmarx, Veracode) is a plus.
• Strong analytical and troubleshooting skills, with the ability to investigate and respond to security alerts.
• Excellent written and verbal communication skills to convey technical findings to varied audiences.
• Relevant certifications a plus: Salesforce Certified Platform Developer I/II, Salesforce Certified Identity and Access Management Designer, CEH, Security+, or similar.
Preferred Qualifications
• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent practical experience).
• Prior experience working within an IT staffing or consulting engagement model.
• Experience integrating security monitoring workflows with SIEM tools.