Product Security Engineer, Infrastructure

Salesforce•Bellevue, WA

About The Position

Salesforce is seeking a Product Security Engineer to join their Security Services and Tooling Infrastructure Team. This role focuses on engineering automated guardrails, contributing to "paved path" templates, and maintaining multi-cloud hygiene to reduce developer toil and enforce rigorous security configurations. The team is responsible for the future of AI at Salesforce, driving innovation and ensuring security in the agentic era.

Requirements

Deep familiarity with Terraform. Must understand how to write and validate secure modules.
Functional knowledge of AWS and GCP security configurations.
Understanding of IAM, network boundaries, and organizational policies.
Experience or strong aptitude for learning OPA (Open Policy Agent) or Checkov to implement preventative controls.
Proficiency in Python or Go for automating security signal collection and remediation workflows.
Understanding of how to integrate security tooling into automated deployment pipelines without impacting delivery velocity.
A demonstrated, genuine AI-first approach to tasks. Using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty.
Experience using AI tools (e.g., Claude Code, GitHub Copilot, Codex, Cursor, etc.).
Advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production-ready.
A related technical degree required.

Responsibilities

Assist in the engineering and deployment of automated policy-as-code controls (e.g., OPA, Checkov) within CI/CD and runtime environments.
Support the development and certification of Infrastructure-as-Code (IaC) modules.
Ensure Terraform and multi-substrate templates adhere to strict security standards before they reach the engineering lifecycle.
Participate in the maintenance of Key Risk Indicator (KRI) dashboards for AWS and GCP.
Analyze multi-cloud asset data to identify and remediate privilege escalation paths.
Actively identify manual security processes and develop automated scripts or tooling to eliminate them.
Contribute to building and maintaining the shared system context, an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.