Devsecops Engineer

About the Role

We are seeking an experienced DevSecOps Engineer to join our Salesforce Shared Services team. In this role, you will not just manage pipelines for a single org, but serve as a platform guardian for multiple business units (BUs) operating on our shared Salesforce infrastructure.

You will bridge the gap between Development, Security, and Operations, ensuring that our CI/CD pipelines are robust, scalable, and secure by design. You will be responsible for defining and enforcing governance standards that allow independent squads to deploy rapidly without compromising the integrity or security of the shared platform.

Key Responsibilities

1. Shared Services & Governance (40%)

• Multi-Org Release Management: Architect and manage unified release paths for multiple parallel workstreams (e.g., Sales, Service, and Marketing clouds) merging into a single production environment.
• Environment Strategy: Maintain a complex sandbox strategy (Dev, QA, UAT, Staging, Hotfix) to support concurrent development by 5+ scrum teams without code overwrites or regression.
• Guardrails & Compliance: Implement and enforce "Shift-Left" security policies within the CoE, ensuring all code (Apex, LWC) meets security standards before it reaches the repository.
• Platform Health: Monitor limits (API, Storage, Apex) across the shared org to prevent "noisy neighbor" issues where one BU consumes resources affecting others.

2. DevSecOps & Automation (40%)

• CI/CD Pipeline Architecture: Build and maintain end-to-end automated pipelines using SFDX, Jenkins/Azure DevOps/GitLab, and release tools (e.g., Copado, Flosum, or Gearset).
• Automated Security Scanning: Integrate SAST/DAST tools (e.g., Checkmarx, SonarQube, Clayton, or PMD) into the pipeline to auto-reject insecure code (e.g., SOQL injection, missing FLS checks).
• Version Control Management: Manage intricate branching strategies (Gitflow/Feature Branch) to handle merge conflicts across shared metadata components (e.g., Custom Objects, Profiles).
• Data Seeding & Masking: Automate sandbox seeding while ensuring sensitive PII/PHI data is masked or anonymized in non-production environments (using tools like OwnBackup or Odaseva).

3. Security & Monitoring (20%)

• Salesforce Shield Configuration: Manage Platform Encryption policies and Event Monitoring logs to detect anomalies in user behavior.
• Vulnerability Management: Regularly run Salesforce Health Checks and Optimizer reports; lead the remediation of findings from external penetration tests.
• Audit Readiness: Maintain automated audit trails of who deployed what and when to satisfy SOX/ISO compliance requirements.

Required Skills & Qualifications

Experience:

• 4+ Years of hands-on experience in Salesforce Development and DevOps.
• 2+ Years specifically working in a Multi-Org or Shared Services model (supporting multiple teams/BUs).

Technical Mastery:

• Release Tools: Expert proficiency in at least one major Salesforce DevOps tool (Copado, Flosum, Gearset, or AutoRABIT).
• CLI & Scripting: Deep knowledge of Salesforce CLI (SFDX), Bash/Shell scripting, and for automation scripts.
• Version Control: Advanced Git skills (resolving complex merge conflicts in XML/JSON metadata).
• Security Standards: Solid understanding of OWASP Top 10 vulnerabilities and how they apply to Salesforce (e.g., Sharing Rules, FLS, XSS in LWC).
• Salesforce Core: Ability to read/debug Apex and LWC (you don't need to be a full-time dev, but you must understand the code you are securing).

Soft Skills:

• Stakeholder Management: Ability to push back on Business Units when deployments violate shared governance/security rules.
• Mentorship: Willingness to train Junior Developers on Git best practices and secure coding.