Senior​/Lead Software Engineer; SMTS​/LMTS), IAM; Device Trust

The Experience

The Salesforce Enterprise Security Engineering team is seeking an experienced software engineer to help design and build foundational Identity and Access Management (IAM) platform services. Our team develops and operates highly scalable, fault-tolerant distributed systems that deliver cloud-scale security software across multiple public cloud platforms and Salesforce's internal infrastructure. We provide the core building blocks that protect customer trust in Salesforce's products and services.

A key area of investment is Enterprise IAM — specifically, establishing trust and containment for both users and devices. We are developing consistent, scalable identity and access services that unify our IT network, cloud environments, and internal infrastructure. Our work ensures that every engineer at Salesforce can operate securely, regardless of environment.

One of our flagship initiatives is the device and user containment platform, which automates access enforcement across the enterprise. This system enables Salesforce to dynamically restrict or revoke access to applications based on a user's employment status, role change, or device trust level — ensuring timely containment during resignations, terminations, or security events. Containment is enforced across all enterprise applications through policy-driven controls, tightly integrated with our real-time identity and device trust infrastructure.

To support this, we are building a unified, hardware-backed device identity and posture framework that leverages Trusted Platform Module (TPM)/T2-based certificates, continuous diagnostics, and real-time signals to verify trust. Combined with Continuous Access Evaluation Protocol (CAEP) capabilities, our platform enables fine-grained, dynamic access decisions based on real-time changes in user or device posture — such as device compliance drift, user risk score, or privilege escalation.

These systems are foundational to advancing Salesforce's Zero Trust and Cybersecurity Mesh Architecture, allowing service owners and engineers to operate with confidence, agility, and security s is a high-impact, high-visibility opportunity to work at the intersection of distributed systems and enterprise security — and a chance to shape foundational infrastructure used by every engineer at Salesforce.

This role is open to candidates based in San Francisco, CA, New York, NY, or Bellevue, WA. This is a hybrid position requiring a weekly in office commitment.

• Build and ship high-quality, production-grade software using modern engineering practices, with AI as a core part of your development workflow by pushing the boundaries of AI development tools to deliver secure, optimized, and high-quality code.
• Design and orchestrate complex systems where AI agents integrate seamlessly into human workflows, driving efficiency and innovation at scale.
• Contribute to building and maintaining the shared system context, an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.
• Critically evaluate code (human or AI-generated) for correctness, quality, security, and performance.
• Design and build scalable authentication and authorization services for distributed environments.
• Develop and maintain system software for multiple operating systems (Linux, macOS, Windows).
• Implement and operate large-scale security services using Golang or Python.
• Integrate and extend secure device attestation mechanisms, including TPM-based hardware trust.
• Contribute to platform-level identity and security solutions using Public Key Infrastructure (PKI), certificates, and secure transport.
• Build and manage containerized workloads with Kubernetes, Docker, and infrastructure as code tools like Terraform.
• Operate and maintain services in a full Dev Ops model: monitor, troubleshoot, and continuously improve.
• Work in an Agile team to deliver iteratively and collaboratively.
• Partner with cross-functional teams across security, infrastructure, and engineering to ensure platform integrity and trustworthiness.

• A demonstrated, genuine AI-first approach to…