Senior Analyst, Public Sector Security & Compliance - Herndon, VA

Security Analyst in Herndon, VA

Posted 2019-12-09

PLEASE NOTE: Qualification for this job is contingent upon acceptable results from a background investigation as well as your obtaining and maintaining the specific level of U.S. government security clearance required for this role.

Salesforce is looking for a person in our Public Sector Security Compliance team located in our Herndon, VA office. The Public Sector Security Compliance team is responsible for the execution, facilitation and management of certification programs across the Salesforce Government Cloud that our customers depend on. The role will be responsible for writing and compiling Compliance documentation, and the collection of supporting evidence related to U.S. public sector compliance authorizations maintained by Salesforce. The role will be heavily focused on evaluating technology controls, supporting audits for the company’s certification programs and acting as a compliance subject matter expert to the business. You will support a variety of external audits and evaluations; the focus for this position is FedRAMP but could also include other certification types.

A successful candidate for this role will be a strong communicator who excels at explaining complex technology to diverse audiences (across varying technical and business backgrounds) in a way that fosters understanding and ownership. Innovation, creativity and strategic thinking are key qualifications, as this role will assist business and technical partners in designing scalable, sustainable approaches to satisfying our regulatory requirements. The ability to build influence and evangelize for new initiatives among stakeholders in multiple organizations will be an essential driver for success, as will an unflappable demeanor and grace under pressure. This role will work with the business at all organizational layers, so it will be important to demonstrate flexibility in approach, communication style and depth of understanding.

As a result of the Company's on-demand application service technologies and "software-as-a-service" business model, the Public Sector Security Compliance team often confronts novel and challenging compliance issues. The team's goal is to support all aspects of the Company's operations while providing a superior compliance and process management experience. The successful candidate must be comfortable working in a very fast-paced and constantly changing environment. This position is on a small team and reports to a Senior Manager.


Plan, coordinate and execute work assignments with process/control owners and external auditors
Direct and perform controls testing, document results, and provide updates to Security management and internal stakeholders
Manage the timely and high-quality execution of certification programs.
Advise process/control owners on the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices)
Proactively identify gaps or conflicts in existing processes and work to develop solutions with internal business partners.
Assist with and drive remediation of control deficiencies and gaps identified internally and externally
Educate and train process/control owners so they better understand the security controls framework and their responsibilities
Build strong relationships with business partners and facilitate continuous improvement aligned with operational processes.
Effectively communicate program execution status, key accomplishments, and risks to senior management both within Security and to our business partners.
Partner with other leaders within Security to collaborate and support both process maturity and staff development.

Minimum Requirements:
The successful candidate must be a U.S. citizen (U.S. born or naturalized) who does not hold dual citizenship. The candidate must have an active U.S. Government Top Secret Security Clearance.
The successful candidate will be required to provide clearance verification information prior to an offer of employment.
3-5 years of auditing experience and in-depth experience with the Compliance Certification life cycle.
Must have the ability to write control responses and test criteria, and to prove compliance with appropriate evidence.

Qualifications and Experience:
In-depth technical background with a good understanding of security concepts and practical usage
Knowledge of, or experience working with, Cloud technologies/environments, including evaluating and implementing controls on Infrastructure as a Service (IaaS) services, or PaaS/SaaS is a plus
Excellent written and verbal communication skills; ability to effectively communicate across all levels of the Company
Analytical thinker with strong organizational skills; attention to detail is a must
Prior experience in a compliance and regulatory environment related to security and privacy, including security compliance standards across industries and geographies such as RMF, FedRAMP, DoD Cloud Computing SRG, FISMA, CJIS, DHS 4300A, IRS 1075, ICD 503, PCI, SOC, ISO, is desired
Ability to work efficiently with minimal oversight/direction
Possess a “whatever it takes to get the job done” mentality (i.e., pick up the phone, stop by a desk, follow-up multiple times)
Flexibility in daily hours (i.e., willingness to work longer hours during peak periods in audit cycles)
Strong cross-team collaboration skills
Relevant BA/BS degree and/or certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK)
Ability to travel up to 10%
Prefer candidates who have experience working with DoD, intelligence, and/or government contractors (especially working in classified environments).

Company summary

Salesforce is the Customer Success Platform, offering social and mobile cloud technologies—including flagship sales and CRM applications—to help companies connect with customers, partners, and employees in entirely new ways.


Annual assessments to ensure equal pay; pre-tax commuter benefits; $100 per month wellness reimbursement; education reimbursement; bottomless snacks and beverages.

Tech Stack

JavaScript, HTML/CSS, AJAX, XML, JSON, Angular, React, SQL
