LMTS), IAM (Device Trust)

Salesforce•San Francisco, CA

1d•$178,900 - $285,800•Hybrid

About The Position

The Salesforce Enterprise Security Engineering team is seeking an experienced software engineer to help design and build foundational Identity and Access Management (IAM) platform services. Our team develops and operates highly scalable, fault-tolerant distributed systems that deliver cloud-scale security software across multiple public cloud platforms and Salesforce's internal infrastructure. We provide the core building blocks that protect customer trust in Salesforce's products and services. A key area of investment is Enterprise IAM — specifically, establishing trust and containment for both users and devices. We are developing consistent, scalable identity and access services that unify our IT network, cloud environments, and internal infrastructure. Our work ensures that every engineer at Salesforce can operate securely, regardless of environment. One of our flagship initiatives is the device and user containment platform, which automates access enforcement across the enterprise. This system enables Salesforce to dynamically restrict or revoke access to applications based on a user's employment status, role change, or device trust level — ensuring timely containment during resignations, terminations, or security events. Containment is enforced across all enterprise applications through policy-driven controls, tightly integrated with our real-time identity and device trust infrastructure. To support this, we are building a unified, hardware-backed device identity and posture framework that leverages Trusted Platform Module (TPM)/T2-based certificates, continuous diagnostics, and real-time signals to verify trust. Combined with Continuous Access Evaluation Protocol (CAEP) capabilities, our platform enables fine-grained, dynamic access decisions based on real-time changes in user or device posture — such as device compliance drift, user risk score, or privilege escalation. These systems are foundational to advancing Salesforce's Zero Trust and Cybersecurity Mesh Architecture, allowing service owners and engineers to operate with confidence, agility, and security at scale. This is a high-impact, high-visibility opportunity to work at the intersection of distributed systems and enterprise security — and a chance to shape foundational infrastructure used by every engineer at Salesforce.

Requirements

A demonstrated, genuine AI-first approach to engineering. Using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty.
Experience using AI tools (e.g., Claude Code, GitHub Copilot, Codex, Cursor, etc.) in development workflows.
Advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production-ready.
8+ years of industry experience, with at least: 5+ years building distributed systems in Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS) environments.
5+ years operating in high-availability, mission-critical environments (99.999% uptime).
Strong experience designing and operating distributed systems on public cloud platforms (AWS, GCP, or Azure).
Proficiency in Golang and/or Python.
Strong communication skills and a collaborative mindset that prioritizes team success.
Experience with security protocols and identity frameworks including Transport Layer Security (TLS), OAuth, Security Assertion Markup Language (SAML), PKI, and certificates.
Familiarity with system patterns and API standards including REST and OpenAPI/Swagger.
Solid understanding of DevOps practices, continuous integration and delivery (CI/CD), monitoring, and ownership of production systems.
Experience with CI/CD tools such as Jenkins, AWS CodePipeline, or AWS CodeBuild.
Experience building software for Linux and/or Windows environments.
Understanding of large-scale infrastructure-as-a-service platforms such as Amazon AWS, Microsoft Azure, or OpenStack.
Familiarity with source code management and version control systems such as Git or Perforce.
Hands-on experience with container technologies such as Docker and Kubernetes.

Nice To Haves

Experience developing system-level features related to platform security or device attestation.
Experience working with hardware-backed security mechanisms such as TPM, Hardware Security Module (HSM), or Secure Boot.
Familiarity with security compliance frameworks such as National Institute of Standards and Technology (NIST), ISO, or SOC 2.
Experience securing products and infrastructure against the Open Web Application Security Project (OWASP) Top 10 and/or Common Weakness Enumeration (CWE) Top 25.
Broad exposure to various security disciplines and a deep understanding of core security concepts such as Multi-Factor Authentication (MFA), Zero Trust, and securely managing secrets or tokens.

Responsibilities

Build and ship high-quality, production-grade software using modern engineering practices, with AI as a core part of your development workflow by pushing the boundaries of AI development tools to deliver secure, optimized, and high-quality code.
Design and orchestrate complex systems where AI agents integrate seamlessly into human workflows, driving efficiency and innovation at scale.
Contribute to building and maintaining the shared system context, an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.
Critically evaluate code (human or AI-generated) for correctness, quality, security, and performance.
Design and build scalable authentication and authorization services for distributed environments.
Develop and maintain system software for multiple operating systems (Linux, macOS, Windows).
Implement and operate large-scale security services using Golang or Python.
Integrate and extend secure device attestation mechanisms, including TPM-based hardware trust.
Contribute to platform-level identity and security solutions using Public Key Infrastructure (PKI), certificates, and secure transport.
Build and manage containerized workloads with Kubernetes, Docker, and infrastructure as code tools like Terraform.
Operate and maintain services in a full DevOps model: monitor, troubleshoot, and continuously improve.
Work in an Agile team to deliver iteratively and collaboratively.
Partner with cross-functional teams across security, infrastructure, and engineering to ensure platform integrity and trustworthiness.