Professional Experience
Arvest Bank / TEKsystems
Salesforce Security Engineer
March 2025 - Present
- Lead Salesforce security engineering in a regulated financial services environment, focused on platform security, secure architecture reviews, prerelease assessments, production readiness, and technical control validation.
- Designed and built custom Salesforce security auditing tooling to evaluate org configurations, code findings, access-control posture, and platform security risk, producing audit-ready reporting for governance and remediation planning.
- Expanded Salesforce security finding visibility from roughly 270 findings to 3,650+ internal findings, and roughly 7,500+ findings including vendor-managed package code, improving detection coverage, risk awareness, and remediation prioritization.
- Led Salesforce penetration testing across multiple enterprise orgs, identifying approximately 20 high-impact findings and providing actionable remediation guidance that improved platform hardening.
- Built custom Experience Cloud security testing tooling to evaluate external exposure patterns, Aura endpoint risk, access-control assumptions, GraphQL exposure, and platform-specific attack paths.
- Engineered and contributed to Transaction Security Policies as real-time preventative controls, including controls that block insecure TLS cipher suite connections to Salesforce orgs.
- Integrated Salesforce Code Analyzer into GitLab CI/CD pipelines, shifting vulnerability detection left into development workflows and improving pre-production remediation visibility.
- Built Salesforce CLI and Python automation that queries Apex metadata, evaluates API-version compliance, supports controlled metadata updates, performs sandbox dry-run deployments, and produces remediation-ready evidence for developer review.
- Designed and implemented LoginAs monitoring and audit framework to inspect privileged impersonation activity, support compensating-control requirements, and preserve operational capability with stronger oversight.
- Built Salesforce Network Security readiness tooling that analyzes authentication and API telemetry against integration inventory to validate IP-based access controls, identify vendor IP drift, flag undocumented traffic, and support post-implementation troubleshooting.
- Architected secure sandbox provisioning and refresh automation across GitLab pipelines, Gearset, and Salesforce APIs, enabling automated sanitization and preparation tasks with validation status and auditable artifacts.
- Contributed to company-wide GitLab pipeline execution policy related to Terraform, policy-as-code, and DevSecOps controls, helping standardize secure pipeline behavior across engineering workflows.
- Assisted with Traceable AI implementation using Terraform-backed deployments into GCP/GKE clusters, supporting API security policy deployment across MuleSoft, IBM API Connect, and related API environments.
- Built the Salesforce Splunk index to support SIEM visibility, telemetry normalization, detection engineering, and Salesforce security monitoring use cases.
MS Companies
Salesforce Developer & Cybersecurity Specialist
2021 - March 2025
- Led Salesforce platform development and security initiatives across enterprise systems, operating across application engineering, cloud integration, network administration, security operations support, and governance.
- Designed and implemented multi-layered security controls spanning platform configuration, vendor tooling, access management, internal governance processes, and secure system integrations.
- Performed application security testing, vulnerability assessments, cloud-based testing, web application security testing, and red-team-style testing across Salesforce and integrated systems.
- Managed network administration, EDR, DNS, web hosting, web security, and Google Workspace administration, supporting endpoint, identity, network, and SaaS security needs.
- Built and delivered secure integrations across Salesforce, AWS, and third-party platforms, ensuring appropriate authentication, data handling, access control, and operational reliability.
- Led migration of a business-critical application from third-party hosting to internally managed AWS resources, implementing secure architecture patterns across IAM, encryption, network security, EC2, SQL Server, DNS, and web services.
- Developed AWS Lambda functions in Python to securely extend Salesforce Service Cloud Voice capabilities and improve data availability and execution performance by approximately 15%.
- Managed and developed Service Cloud Voice and Digital Engagement implementation, migrating from a traditional VoIP contact center to a Salesforce/AWS integrated system.
- Built active-status personnel tooling that provided a single source of truth and automated onboarding/offboarding alerts, improving identity and access governance workflows.
- Established and enforced security policies, standards, and documentation that supported governance, compliance, and repeatable security operations.
- Automated critical business processes and integrations, producing approximately $90K in annual cost savings and reducing manual operational overhead.
- Established a vendor partnership and negotiated Google Workspace cost savings of approximately $47K annually.
- Improved recruiting placement effectiveness by more than 33% through system enhancements and process automation.
- Migrated hundreds of Workflow and Process Builder automations to Salesforce Flow and trained Salesforce administrators on best practices, business processes, and technical implementation concepts.
- Earned three promotions within two years while expanding scope across Salesforce development, cybersecurity, infrastructure, integrations, and enterprise technology operations.
Contact
Denver, CO
nic.h@nich-enterprises.com
317-205-7156
Summary
Senior security engineer specializing in Salesforce platform security, application security, cloud-integrated systems, identity and access controls, DevSecOps, and security automation.
Key Skills
Salesforce Security Architecture
Application Security
Platform Security
Cloud Security
DevSecOps
Security Automation
Terraform
Policy-as-Code
Penetration Testing
Experience Cloud Security
API Security
Identity and Access Management
SSO/SAML
Active Directory / Entra ID
Salesforce Shield
Event Monitoring
Transaction Security Policies
Salesforce Code Analyzer
GitLab CI/CD
AWS
GCP/GKE Exposure
Python
Apex
JavaScript
LWC / Aura
Splunk SIEM
Detection Engineering
Google Workspace Administration
EDR Administration
DNS and Web Security
Governance and Secure Development Standards