Product Security Engineer, Senior & Lead (Enterprise Security - Security AI)
Role details
Job location
Tech stack
Job description
Salesforce Enterprise Security is hiring a Senior and Lead Security Engineer for our Secure AI team to help assess and maintain the security of using AI tooling securely.
In this role, you will partner with business stakeholders and technology partners to assess and maintain the security of AI tooling, ensuring they meet or exceed Salesforce security requirements when deploying AI at scale. You will have the opportunity to identify emerging threats, design new processes that balance security and business agility, and share your expertise through internal events, conferences, and published research.
What You'll Actually Be Doing
- Lead by performing in-depth and high-quality security assessments of emerging technology (AI tooling, agentic platforms, etc.) including architecture and design reviews, code reviews, and penetration tests.
- Provide guidance to team members and prospective suppliers on Salesforce security requirements including remediation advice and potential feature enhancements.
- Threat model common attacker methods to develop appropriate mitigation techniques, providing guidance that balances security requirements with functional requirements.
- Develop automated processes and support improvement of tooling to identify and solve problems at scale.
- Collaborate with engineering teams and business partners to drive solutions through a secure development lifecycle. Ideally would have development background.
- Define and develop technical security standards and guidelines with business partners.
- Research new technologies, emerging threats, and vulnerabilities for strategic planning and process improvements.
- Use your writing and presentation skills to communicate at all levels in the organizations.
- Possess the ability to communicate concisely, clearly, and intelligently to partners from a variety of backgrounds, including those who are non-technical.
Requirements
- 8+ years of experience in a security role
- Experience with large language models (LLMs) and agentic systems - building, evaluating, or securing them
- Familiarity with AI security attack surfaces including prompt injection, data exfiltration, privilege escalation in agents, and model supply chain risks
- Excellent interpersonal, collaboration, critical-thinking, and communication skills
- A related technical degree required
Even Better If...
- Understanding of RAG architectures, classifier models, and how retrieval and generation pipelines work
- Familiarity with security frameworks and certifications such as ISO 27001, SOC 2, PCI DSS, OWASP Top 10, CWE Top 25, and MITRE ATT&CK
- Relevant BA/BS degree and/or certifications such as CRISC, CISSP, CCIE, CISM, CISA, or CCSK
- Experience defining and communicating security remediation tasks to project and data owners
Benefits & conditions
In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records. At Salesforce, we believe in equitable compensation practices that reflect the dynamic nature of labor markets across various regions. The typical base salary range for this position is, $148,500 -