Product Security Engineer, Infrastructure Security

Description

We're hiring a Product Security Engineer join our Infrastructure Security Team. This role requires the ability to engineer automated guardrails, contribute to "paved path" templates, and assist in maintaining multi-cloud hygiene. This team is responsible for reducing developer toil while enforcing rigorous security configurations.

Responsibilities:

• Assist in the engineering and deployment of automated policy-as-code controls (e.g., OPA, Checkov) within CI/CD and runtime environments.
• Support the development and certification of Infrastructure-as-Code (IaC) modules. Ensure Terraform and multi-substrate templates adhere to strict security standards before they reach the engineering lifecycle.
• Participate in the maintenance of Key Risk Indicator (KRI) dashboards for AWS and GCP. Analyze multi-cloud asset data to identify and remediate privilege escalation paths.
• Actively identify manual security processes and develop automated scripts or tooling to eliminate them.
• Contribute to building and maintaining the shared system context, an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.

Performance Expectations:

• Do not wait for vulnerabilities to hit production. Proactively identify and block insecure configurations at the development stage.
• Solutions must minimize false positives. High-noise implementations will be rejected.
• Do not solve for the single instance. Build for the organization. All solutions must scale across all Salesforce Clouds.

Required Technical

Competencies:

• 2+ years of professional related experience
• Deep familiarity with Terraform. Must understand how to write and validate secure modules.
• Functional knowledge of AWS or GCP security configurations. Understanding of IAM, network boundaries, and organizational policies.
• Experience or strong aptitude for learning OPA (Open Policy Agent) or Checkov to implement preventative controls.
• Proficiency in Python or Go for automating security signal collection and remediation workflows.
• Understanding of how to integrate security tooling into automated deployment pipelines without impacting delivery velocity.
• A demonstrated, genuine AI-first approach to tasks. Using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty.
• Experience using AI tools (e.g., Claude Code, Git Hub Copilot, Codex, Cursor, etc.).
• Advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production-ready.
• A related technical degree required.