LMTS), IAM (Device Trust)

Salesforce•San Francisco, CA

6d•Hybrid

About The Position

Salesforce is seeking an experienced software engineer for its Enterprise Security Engineering team to help design and build foundational Identity and Access Management (IAM) platform services. The team develops and operates highly scalable, fault-tolerant distributed systems that deliver cloud-scale security software across multiple public cloud platforms and Salesforce's internal infrastructure. These services protect customer trust in Salesforce's products and services. A key focus is Enterprise IAM, specifically establishing trust and containment for users and devices through consistent, scalable identity and access services that unify IT network, cloud environments, and internal infrastructure. The role involves developing a device and user containment platform that automates access enforcement across the enterprise, dynamically restricting or revoking access based on employment status, role changes, or device trust level. This includes building a unified, hardware-backed device identity and posture framework leveraging TPM/T2-based certificates, continuous diagnostics, and real-time signals, integrated with CAEP capabilities for fine-grained, dynamic access decisions. This is a high-impact, high-visibility opportunity at the intersection of distributed systems and enterprise security, shaping foundational infrastructure used by every Salesforce engineer.

Requirements

A demonstrated, genuine AI-first approach to engineering. Using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty.
Experience using AI tools (e.g., Claude Code, GitHub Copilot, Codex, Cursor, etc.) in development workflows.
Advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production-ready.
8+ years of industry experience, with at least: 5+ years building distributed systems in Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS) environments.
5+ years operating in high-availability, mission-critical environments (99.999% uptime).
Strong experience designing and operating distributed systems on public cloud platforms (AWS, GCP, or Azure).
Proficiency in Golang and/or Python.
Strong communication skills and a collaborative mindset that prioritizes team success.
Experience with security protocols and identity frameworks including Transport Layer Security (TLS), OAuth, Security Assertion Markup Language (SAML), PKI, and certificates.
Familiarity with system patterns and API standards including REST and OpenAPI/Swagger.
Solid understanding of DevOps practices, continuous integration and delivery (CI/CD), monitoring, and ownership of production systems.
Experience with CI/CD tools such as Jenkins, AWS CodePipeline, or AWS CodeBuild.
Experience building software for Linux and/or Windows environments.
Understanding of large-scale infrastructure-as-a-service platforms such as Amazon AWS, Microsoft Azure, or OpenStack.
Familiarity with source code management and version control systems such as Git or Perforce.
Hands-on experience with container technologies such as Docker and Kubernetes.

Nice To Haves

Experience developing system-level features related to platform security or device attestation.
Experience working with hardware-backed security mechanisms such as TPM, Hardware Security Module (HSM), or Secure Boot.
Familiarity with security compliance frameworks such as National Institute of Standards and Technology (NIST), ISO, or SOC 2.
Experience securing products and infrastructure against the Open Web Application Security Project (OWASP) Top 10 and/or Common Weakness Enumeration (CWE) Top 25.
Broad exposure to various security disciplines and a deep understanding of core security concepts such as Multi-Factor Authentication (MFA), Zero Trust, and securely managing secrets or tokens.

Responsibilities

Build and ship high-quality, production-grade software using modern engineering practices, with AI as a core part of your development workflow by pushing the boundaries of AI development tools to deliver secure, optimized, and high-quality code.
Design and orchestrate complex systems where AI agents integrate seamlessly into human workflows, driving efficiency and innovation at scale.
Contribute to building and maintaining the shared system context, an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.
Critically evaluate code (human or AI-generated) for correctness, quality, security, and performance.
Design and build scalable authentication and authorization services for distributed environments.
Develop and maintain system software for multiple operating systems (Linux, macOS, Windows).
Implement and operate large-scale security services using Golang or Python.
Integrate and extend secure device attestation mechanisms, including TPM-based hardware trust.
Contribute to platform-level identity and security solutions using Public Key Infrastructure (PKI), certificates, and secure transport.
Build and manage containerized workloads with Kubernetes, Docker, and infrastructure as code tools like Terraform.
Operate and maintain services in a full DevOps model: monitor, troubleshoot, and continuously improve.
Work in an Agile team to deliver iteratively and collaboratively.
Partner with cross-functional teams across security, infrastructure, and engineering to ensure platform integrity and trustworthiness.