Posted: 1 day ago
On-site
Full Time
Forsys Inc. is a leader in Lead-to-Revenue transformation, combining strategy, technology, and business transformation to drive growth. With a team of over 500 professionals spread across the US, India, UK, Colombia, and Brazil, and headquartered in the Bay Area, Forsys epitomizes innovation and excellence.
Our role as an implementation partner for major vendors like Conga, Salesforce and Oracle, and as an incubator for pioneering ideas and solutions, positions us uniquely in the consulting industry.
We are dedicated to unlocking new revenue streams for our clients and fostering a culture of innovation. Discover our vision and the impact we're making at forsysinc.com.
Vendor Remediation (SEB1 & SEB2)
- Vendor addressing SEB1/SEB2 vulnerabilities in scope.
- 300 files fell out of vendor scope and must be deprecated, have their test classes fixed, or be remediated internally.
Code Quality
- 65K+ files with SEB1-SEB5 vulnerabilities per Code Analyzer.
- Building an agentic remediation workflow: sample 100 files → run Code Analyzer → generate recommendations → auto-execute changes → create PR.
- If not ready in time, COE team may need to help build.
- Focus is only on user/system permissions (not object or field-level).
- Reviewing profiles and permission sets for least privilege.
- Enhancing quarterly access review automation:
  - Compare approved baseline vs. current permissions.
  - Detect deviations and alert before SOX review.
  - Extend automation to run more frequently and integrate into CI/CD.
- Profiles with elevated permissions will require IP restrictions or compensating controls.
Driven by recent Salesforce ecosystem incidents (e.g., Drift/Salesloft):
Connected Apps
- Restrict end-user ability to connect arbitrary apps.
- Require approval process for new app connections.

API Access
- Remove "Use Any API Client" access from non-admin profiles.

Object & Field-Level Security (FLS)
- Review integration and elevated profiles for least privilege.

Chrome Extensions
- Work with Cloud Apps team to review Salesforce-related Chrome extensions.

IP Restrictions
- Apply IP ranges to integration/elevated profiles where not already configured.

PCI/PII in Case Records
- Detect sensitive PCI (e.g., SSN last 4) and PII (names, addresses) in cases.
- Ensure masking once cases are closed to reduce exfiltration risk.
Production Data in Non-Prod
- Ongoing discussions with GRC team: masking vs. deletion + synthetic data for sandbox environments.
- Greater scrutiny on non-prod admin access: prefer granting Login As permissions instead of sysadmin for testers.
- Extend automation for:
  - Quarterly SOX reviews and ongoing monitoring of elevated permissions.
  - Profile & permission set drift detection.
  - Integration into CI/CD pipeline for preventative enforcement.
- Aim: continuous governance + early remediation.
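The baseline-vs-current comparison and drift detection described above, with a pass/fail gate suitable for a CI/CD step, as an added example that is not Forsys or Salesforce code. The snapshot layout, the `ELEVATED` policy set, and the sample profiles are constructed assumptions; a real check would load both snapshots from the approved baseline and from retrieved org metadata.

```python
"""Permission drift check: approved baseline vs. current snapshot (added example)."""

# Assumption: which system permissions count as "elevated" is a local policy choice.
ELEVATED = {"ModifyAllData", "ViewAllData", "ManageUsers", "AuthorApex"}
API_CLIENT = "UseAnyApiClient"

def find_drift(baseline, current):
    """Return sorted (severity, profile, message) findings for a snapshot pair."""
    findings = []
    for name, cur in current.items():
        base = baseline.get(name)
        perms = set(cur["permissions"])
        if base is None:
            findings.append(("HIGH", name, "profile/permission set not in approved baseline"))
        added = perms - set(base["permissions"] if base else [])
        for p in sorted(added):
            sev = "HIGH" if p in ELEVATED or p == API_CLIENT else "MEDIUM"
            findings.append((sev, name, f"permission not in baseline: {p}"))
        # Elevated profiles need IP ranges or a documented compensating control.
        if perms & ELEVATED and not (cur.get("ip_ranges") or cur.get("compensating_control")):
            findings.append(("HIGH", name, "elevated permissions without IP restriction"))
        # "Use Any API Client" should only remain on admin profiles.
        if API_CLIENT in perms and not cur.get("is_admin", False):
            findings.append(("HIGH", name, "Use Any API Client on non-admin profile"))
    for name in sorted(set(baseline) - set(current)):
        findings.append(("INFO", name, "in baseline but missing from current snapshot"))
    return sorted(findings)

def gate(findings):
    """CI/CD exit code: 1 if any HIGH finding, else 0."""
    return 1 if any(sev == "HIGH" for sev, _, _ in findings) else 0

# Constructed sample snapshots (not real org data).
BASELINE = {
    "System Administrator": {"permissions": ["ModifyAllData", "ViewAllData", "ApiEnabled", "UseAnyApiClient"], "is_admin": True, "ip_ranges": ["203.0.113.0/24"]},
    "Integration User": {"permissions": ["ApiEnabled"], "ip_ranges": ["198.51.100.10/32"]},
    "Support Agent": {"permissions": ["EditTask"]},
}
CURRENT = {
    "System Administrator": BASELINE["System Administrator"],
    "Integration User": {"permissions": ["ApiEnabled", "ViewAllData"], "ip_ranges": []},
    "Support Agent": {"permissions": ["EditTask", "UseAnyApiClient"]},
}

if __name__ == "__main__":
    results = find_drift(BASELINE, CURRENT)
    for sev, name, msg in results:
        print(f"[{sev}] {name}: {msg}")
    raise SystemExit(gate(results))
```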
- Remediate out-of-scope files and improve overall code quality.
- Enforce least privilege across profiles and permission sets.
- Harden Salesforce against third-party app, API, and extension risks.
- Protect sensitive data (PCI/PII) across case records and non-prod environments.
- Establish governance automation as a proactive control, not reactive.