Product Security Engineer, Infrastructure Security

About the Role

We’re hiring a Product Security Engineer to join our Security Services and Tooling Infrastructure Team. This role requires the ability to engineer automated guardrails, contribute to "paved path" templates, and assist in maintaining multi‑cloud hygiene. The team is responsible for reducing developer toil while enforcing rigorous security configurations.

• Assist in the engineering and deployment of automated policy‑as‑code controls (e.g., OPA, Checkov) within CI/CD and runtime environments.
• Support the development and certification of Infrastructure‑as‑Code (IaC) modules. Ensure Terraform and multi‑substrate templates adhere to strict security standards before they reach the engineering lifecycle.
• Participate in the maintenance of Key Risk Indicator (KRI) dashboards for AWS and GCP. Analyze multi‑cloud asset data to identify and remediate privilege escalation paths.
• Actively identify manual security processes and develop automated scripts or tooling to eliminate them.
• Contribute to building and maintaining the shared system context, an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.

• Do not wait for vulnerabilities to hit production. Proactively identify and block insecure configurations at the development stage.
• Solutions must minimize false positives. High‑noise implementations will be rejected.
• Do not solve for the single instance. Build for the organization. All solutions must scale across all Salesforce Clouds.

• Deep familiarity with Terraform. Must understand how to write and validate secure modules.
• Functional knowledge of AWS and GCP security configurations. Understanding of IAM, network boundaries, and organizational policies.
• Experience or strong aptitude for learning OPA (Open Policy Agent) or Checkov to implement preventative controls.
• Proficiency in Python or Go for automating security signal collection and remediation workflows.
• Understanding of how to integrate security tooling into automated deployment pipelines without impacting delivery velocity.
• A demonstrated, genuine AI‑first approach to tasks. Using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty.
• Experience using AI tools (e.g., Claude Code, Git Hub Copilot, Codex, Cursor).
• Advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production‑ready.
• A related technical degree is required.

We offer a competitive base salary ranging from $117,200 to $176,700 annually. Benefits include time‑off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. For more details, see our benefits portal.

Salesforce is an equal opportunity employer and maintains a policy of non‑discrimination with all employees and applicants for employment. We are committed to a workplace free from discrimination on the basis of race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or any other classifications protected by law.

Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit.

If you need a reasonable accommodation during the application or recruiting process, please submit a request via the Accommodations Request Form.