Senior/Lead Software Engineer (SMTS/LMTS), IAM (Device Trust)

Salesforce.com, Inc.
San Francisco, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 260K

Job location

San Francisco, United States of America

Tech stack

Clean Code Principles
Microsoft Windows
Agile Methodologies
Artificial Intelligence
Amazon Web Services (AWS)
Apple Mac Systems
Azure
Software as a Service
Computer Security
Continuous Delivery
Continuous Integration
Cursor (Graphical User Interface Elements)
Linux
DevOps
Distributed Systems
Multi-Factor Authentication
Fault Tolerance
Hardware Security Module
Identity and Access Management
Python
OAuth
OpenStack
Open Web Application Security
Platform as a Service (PaaS)
Perforce
Public Key Infrastructure
Software Tools
Zero Trust Network Access
Swagger
Salesforce
Security Assertion Markup Language (SAML)
Security Software
Software Construction
System Software
OpenAPI
Transport Layer Security
Enterprise Software Applications
Cloud Platform System
GitHub Copilot
Delivery Pipeline
Prompt Engineering
Git
Build Management
Containerization
Kubernetes
Infrastructure Automation Frameworks
Information Technology
U-Boot
Terraform
Software Version Control
Docker
Jenkins
Go

Job description

The Salesforce Enterprise Security Engineering team is seeking an experienced software engineer to help design and build foundational Identity and Access Management (IAM) platform services. Our team develops and operates highly scalable, fault-tolerant distributed systems that deliver cloud-scale security software across multiple public cloud platforms and Salesforce's internal infrastructure. We provide the core building blocks that protect customer trust in Salesforce's products and services.

A key area of investment is Enterprise IAM - specifically, establishing trust and containment for both users and devices. We are developing consistent, scalable identity and access services that unify our IT network, cloud environments, and internal infrastructure. Our work ensures that every engineer at Salesforce can operate securely, regardless of environment.

One of our flagship initiatives is the device and user containment platform, which automates access enforcement across the enterprise. This system enables Salesforce to dynamically restrict or revoke access to applications based on a user's employment status, role change, or device trust level - ensuring timely containment during resignations, terminations, or security events. Containment is enforced across all enterprise applications through policy-driven controls, tightly integrated with our real-time identity and device trust infrastructure.

To support this, we are building a unified, hardware-backed device identity and posture framework that leverages Trusted Platform Module (TPM)/T2-based certificates, continuous diagnostics, and real-time signals to verify trust. Combined with Continuous Access Evaluation Protocol (CAEP) capabilities, our platform enables fine-grained, dynamic access decisions based on real-time changes in user or device posture - such as device compliance drift, user risk score, or privilege escalation.

These systems are foundational to advancing Salesforce's Zero Trust and Cybersecurity Mesh Architecture, allowing service owners and engineers to operate with confidence, agility, and security at scale. This is a high-impact, high-visibility opportunity to work at the intersection of distributed systems and enterprise security - and a chance to shape foundational infrastructure used by every engineer at Salesforce.

This role is open to candidates based in San Francisco, CA, New York, NY, or Bellevue, WA. This is a hybrid position requiring a weekly in-office commitment.

What You'll Actually Be Doing

  • Build and ship high-quality, production-grade software using modern engineering practices, with AI as a core part of your development workflow by pushing the boundaries of AI development tools to deliver secure, optimized, and high-quality code.
  • Design and orchestrate complex systems where AI agents integrate seamlessly into human workflows, driving efficiency and innovation at scale.
  • Contribute to building and maintaining the shared system context, an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.
  • Critically evaluate code (human or AI-generated) for correctness, quality, security, and performance.
  • Design and build scalable authentication and authorization services for distributed environments.
  • Develop and maintain system software for multiple operating systems (Linux, macOS, Windows).
  • Implement and operate large-scale security services using Golang or Python.
  • Integrate and extend secure device attestation mechanisms, including TPM-based hardware trust.
  • Contribute to platform-level identity and security solutions using Public Key Infrastructure (PKI), certificates, and secure transport.
  • Build and manage containerized workloads with Kubernetes, Docker, and infrastructure as code tools like Terraform.
  • Operate and maintain services in a full DevOps model: monitor, troubleshoot, and continuously improve.
  • Work in an Agile team to deliver iteratively and collaboratively.
  • Partner with cross-functional teams across security, infrastructure, and engineering to ensure platform integrity and trustworthiness.

Requirements

  • A demonstrated, genuine AI-first approach to engineering: using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty.
  • Experience using AI tools (e.g., Claude Code, GitHub Copilot, Codex, Cursor, etc.) in development workflows.
  • Advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production-ready.
  • 8+ years of industry experience, with at least:
      • 5+ years building distributed systems in Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS) environments.
      • 5+ years operating in high-availability, mission-critical environments (99.999% uptime).
  • Strong experience designing and operating distributed systems on public cloud platforms (AWS, GCP, or Azure).
  • Proficiency in Golang and/or Python.
  • Strong communication skills and a collaborative mindset that prioritizes team success.
  • Experience with security protocols and identity frameworks including Transport Layer Security (TLS), OAuth, Security Assertion Markup Language (SAML), PKI, and certificates.
  • Familiarity with system patterns and API standards including REST and OpenAPI/Swagger.
  • Solid understanding of DevOps practices, continuous integration and delivery (CI/CD), monitoring, and ownership of production systems. Experience with CI/CD tools such as Jenkins, AWS CodePipeline, or AWS CodeBuild.
  • Experience building software for Linux and/or Windows environments.
  • Understanding of large-scale infrastructure-as-a-service platforms such as Amazon AWS, Microsoft Azure, or OpenStack.
  • Familiarity with source code management and version control systems such as Git or Perforce.
  • Hands-on experience with container technologies such as Docker and Kubernetes.

Even Better If...

  • Experience developing system-level features related to platform security or device attestation.
  • Experience working with hardware-backed security mechanisms such as TPM, Hardware Security Module (HSM), or Secure Boot.
  • Familiarity with security compliance frameworks such as National Institute of Standards and Technology (NIST), ISO, or SOC 2.
  • Experience securing products and infrastructure against the Open Web Application Security Project (OWASP) Top 10 and/or Common Weakness Enumeration (CWE) Top 25.
  • Broad exposure to various security disciplines and a deep understanding of core security concepts such as Multi-Factor Authentication (MFA), Zero Trust, and securely managing secrets or tokens.

Benefits & conditions

benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.

In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

At Salesforce, we believe in equitable compensation practices that reflect the dynamic nature of labor markets across various regions. The typical base salary range for this position is $148,500 - $260,100 annually. In select cities within the San Francisco and New York City metropolitan area, the base salary range for this role is $178,900 - $285,800 annually. The range represents base salary only, and does not include company bonus, incentive for sales roles, equity or benefits, as applicable.

About the company

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all. Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion
