Sr Product Security Engineer
About The Position
About Salesforce Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all. Ready to level-up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce. About Our Team Product Security secures the products and platforms that power Salesforce's customers. As a Senior Product Security Engineer, you will partner closely with product and engineering teams to understand product goals and requirements, identify security risks, and help scale security practices across the product lifecycle. This role offers the opportunity to identify emerging threats in AI-driven and agent-based products and to design security controls and processes that enable rapid, secure product innovation across Salesforce.
Requirements
- Knowledge of evolving security risks affecting AI/ML products, agent-based systems, AI models and pipelines.
- Demonstrated adversarial mindset, with the ability to develop threat models and partner with engineering teams to reduce security risk.
- Experience securing multi-cloud platforms and multi-tenant SaaS systems, including Kubernetes- and Docker-based environments.
- Practical experience performing manual and tool-assisted secure code reviews across languages such as Java, JavaScript, Python, or similar.
- Hands-on experience conducting security assessments using common tools such as Burp Suite, Nessus, Metasploit, and Nmap.
- At least 3–5 years of experience in application, product, or security engineering, or a related technical security role.
- Strong communication skills with the ability to clearly convey security risks to both technical and non-technical stakeholders.
Nice To Haves
- Hands-on experience exploiting AI/ML and GenAI security risks, including model poisoning, RAG data leakage, and runtime attack vectors.
- Experience supporting offensive security programs, including bug bounties, red teaming, and penetration testing.
- External presentations and/or development of open-source security projects or tools.
Responsibilities
- Secure AI-driven products by anticipating novel security risks and implementing safeguards where industry standards do not yet exist.
- Conduct secure design reviews and threat modeling to proactively identify threats and translate them into prioritized mitigations and clear security requirements.
- Partner closely with product and engineering teams to design and implement security controls across distributed systems, including microservice architectures, cloud services, and platforms.
- Integrate shift-left security practices across the development lifecycle, from early design through production.
- Triage and drive remediation of findings from penetration tests, red team exercises, and bug bounty programs.
- Identify and address evolving security needs across AI/ML features, agent-based systems, and AI models and pipelines.
Benefits
- time off programs
- medical
- dental
- vision
- mental health support
- paid parental leave
- life and disability insurance
- 401(k)
- an employee stock purchasing program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
