Product Security Engineer, Infrastructure Security

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category:
Product

Salesforce is the #1 AI CRM. We seek Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce’s core values at the heart of it all.

We’re hiring a Product Security Engineer to join our Infrastructure Security Team. This role requires the ability to engineer automated guardrails, contribute to “paved path” templates, and assist in maintaining multi‑cloud hygiene. The team is responsible for reducing developer toil while enforcing rigorous security configurations.

* IN SCHOOL OR GRADUATED WITHIN THE LAST 12 MONTHS? PLEASE VISIT FUTURE FORCE FOR OPPORTUNITIES*

• Assist in the engineering and deployment of automated policy‑as‑code controls (e.g., OPA, Checkov) within CI/CD and runtime environments.
• Support the development and certification of Infrastructure‑as‑Code (IaC) modules. Ensure Terraform and multi‑substrate templates adhere to strict security standards before they reach the engineering lifecycle.
• Participate in the maintenance of Key Risk Indicator (KRI) dashboards for AWS and GCP. Analyze multi‑cloud asset data to identify and remediate privilege escalation paths.
• Actively identify manual security processes and develop automated scripts or tooling to eliminate them.
• Contribute to building and maintaining the shared system context, an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.

• Proactively identify and block insecure configurations at the development stage.
• Solutions must minimize false positives. High‑noise implementations will be rejected.
• Build for the organization. All solutions must scale across all Salesforce Clouds.

• 2+ years of professional related experience.
• Deep familiarity with Terraform. Must understand how to write and validate secure modules.
• Functional knowledge of AWS or GCP security configurations. Understanding of IAM, network boundaries, and organizational policies.
• Experience or strong aptitude for learning OPA (Open Policy Agent) or Checkov to implement preventative controls.
• Proficiency in Python or Go for automating security signal collection and remediation workflows.
• Understanding of how to integrate security tooling into automated deployment pipelines without impacting delivery velocity.
• A demonstrated, genuine AI‑first approach to tasks. Using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty.
• Experience using AI tools (e.g., Claude Code, Git Hub Copilot, Codex, Cursor, etc.).
• Advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production‑ready.
• A related technical degree required.

If you need a reasonable accommodation during the application or the recruiting process, please submit a request via this Accommodations Request Form.

Please note that Salesforce uses artificial intelligence (AI) tools to help our recruiters assess and evaluate candidates’ resumes and qualifications throughout the recruiting process. Humans will always make any candidate selection and hiring decisions. Please see our Candidate Privacy Statement for more information about how we use your personal data and your rights, including with regard to use of AI tools and opt out options.

Salesforce is an equal opportunity employer and maintains a policy of non‑discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that’s inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal.

Any employee or potential employee will be assessed on the basis of merit, competence and qualifications – without regard to…