Senior Software Engineer

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Job Details

About Salesforce

We're Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too - driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good - you've come to the right place.

Software Engineering, Identity and Access Management

About the team
The Salesforce Enterprise Security Engineering team is seeking an experienced software engineer to help design and build foundational Identity and Access Management (IAM) platform services.
Our team develops and operates highly scalable, fault-tolerant distributed systems that deliver cloud-scale security software across multiple public cloud platforms and Salesforce's internal infrastructure. We provide the core building blocks that protect customer trust in Salesforce's products and services.

About the position
A key area of investment is Enterprise IAM -specifically, establishing trust and containment for both users and devices. We are developing consistent, scalable identity and access services that unify our IT network, cloud environments, and internal infrastructure. Our work ensures that every engineer at Salesforce can operate securely, regardless of environment.
One of our flagship initiatives is the device and user containment platform, which automates access enforcement across the enterprise. This system enables Salesforce to dynamically restrict or revoke access to applications based on a user's employment status, role change, or device trust level-ensuring timely containment during resignations, terminations, or security events. Containment is enforced across all enterprise applications through policy-driven controls, tightly integrated with our real-time identity and device trust infrastructure.
To support this, we are building a unified, hardware-backed device identity and posture framework that leverages TPM/T2-based certificates, continuous diagnostics, and real-time signals to verify trust. Combined with Continuous Access Evaluation Protocol (CAEP) capabilities, our platform enables fine-grained, dynamic access decisions based on real-time changes in user or device posture-such as device compliance drift, user risk score, or privilege escalation.
These systems are foundational to advancing Salesforce's Zero Trust and Cybersecurity Mesh Architecture, allowing service owners and engineers to operate with confidence, agility, and security at scale.
This is a high-impact, high-visibility opportunity to work at the intersection of distributed systems and enterprise security.

Responsibilities

• Design and build scalable authentication and authorization services for distributed environments.
• Develop and maintain system software for multiple OSes (Linux, macOS, Windows).
• Implement and operate large-scale security services using Golang or Python.
• Integrate and extend secure device attestation mechanisms, including TPM-based hardware trust.
• Contribute to platform-level identity and security solutions using PKI, certificates, and secure transport.
• Build and manage containerized workloads with Kubernetes, Docker, and infrastructure as code tools like Terraform.
• Operate and maintain services in a full DevOps model: monitor, troubleshoot, and continuously improve.
• Work in an Agile team to deliver iteratively and collaboratively.
• Partner with cross-functional teams across security, infrastructure, and engineering to ensure platform integrity and trustworthiness.

Required Skills/Experience

• 5+ years of industry experience, with at least:
  • 3+ years in building distributed systems in SaaS, PaaS, or IaaS environments.
  • 3+ years experience operating in high-availability, mission-critical environments (99.999% uptime).
• Strong experience designing and operating distributed systems on public cloud platforms (AWS/GCP/Azure).
• Proficiency in programming languages such as Golang, Python.
• Strong communication skills and a collaborative mindset that prioritizes team success.
• Expertise in:
  • Security protocols and identity frameworks (TLS, OAuth, SAML, PKI, certificates)
  • System patterns and API standards (REST, OpenAPI/Swagger)
  • Solid understanding of DevOps practices, CI/CD, monitoring, and ownership of production systems.
  • Experience building software for Linux and/or Windows environments.
  • CI/CD. Experience with continuous integration and delivery tools (e.g., Jenkins, AWS CodePipeline, AWS CodeBuild)
  • Understanding of large-scale infrastructure-as-a-service platforms (e.g. Amazon AWS, Microsoft Azure, OpenStack, etc.)
  • Familiarity with source code management and version control systems (git, perforce)
  • Hands-on experience with container technologies (e.g., Docker, Kubernetes)

Desired Skills

• Prior knowledge developing system-level features related to platform security, device attestation, will be a plus.
• Experience working with hardware-backed security mechanisms, such as TPM, HSM, or Secure Boot.
• Familiarity with security compliance frameworks (e.g., NIST, ISO, SOC 2).
• Securing products and infrastructure from the OWASP Top 10 and/or CWE Top 25
• Broad exposure to various security disciplines and deep understanding of models and reasons behind core security concepts such as MFA, ZeroTrust, and securely managing secrets or tokens.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.