Software Engineering MTS - Security Automation

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts. Job Category Software Engineering Job Details About Salesforce Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all. Ready to level-up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce. Job Title: Member of Technical Staff (MTS) - Cloud Security Automation Engineer Location: New York, NY; San Francisco, CA About the Team The Shared Team DNA While every member of our team has a distinct focus area, we are all T-shaped engineers who learn from one another. Regardless of your title, you must share our collective passion for: Customer Focus: Treating internal developers as our primary customers and prioritizing their velocity and user experience. Automation: Eradicating manual toil and ticket-ops via GitOps and AI-augmented workflows. Security: Believing that security should be shifted left and built into the code, not bolted on as an afterthought. SRE Mindset: Engineering for failure, prioritizing self-healing systems, and maintaining a 99.999% availability standard. Observability: Relying on telemetry, centralized logging, and ChatOps to proactively identify and resolve issues. About the Role As our Cloud Security Automation Engineer, you are responsible for ensuring that our high-velocity platform remains impenetrable. While the SRE team builds the automation engine, you build the brakes and the guardrails. You will translate dense compliance frameworks (like NIST 800-53) and strict corporate data policies into automated, programmatic rules. You will feed the brain of our AI agents and Policy-as-Code engines, ensuring that any infrastructure deployed by our developers is validated for security and compliance before it ever reaches production. Your Impact - Responsibilities Policy-as-Code: Write, test, and maintain the exact rules (e.g., OPA/Rego) that evaluate developer Pull Requests to ensure they meet Mission-Critical data classification standards. AI Agent Management: Maintain and update the knowledge base and rule sets used by our AI-augmented GitOps agents, ensuring they are instantly aware of newly released internal security standards. Preventative & Detective Guardrails: Implement programmatic boundaries (e.g., Service Control Policies) to restrict unauthorized regions, mandate encryption, and enforce a strict Private-by-Default network posture. Continuous Compliance & Observability: Ensure that all operational and audit telemetry is aggregated into centralized, tamper-proof storage, and monitor aggregated threat detection dashboards to resolve anomalies. Minimum Qualifications Bachelor's degree in Computer Science, Computer Engineering, Software Engineering or relevant work experience 4 years of experience in cloud security, DevSecOps, or security automation engineering. Hands-on experience writing and deploying Policy-as-Code (e.g., Open Policy Agent, Rego, Sentinel). Deep understanding of enterprise cloud security constructs, centralized policy enforcement, and KMS cryptography. Familiarity with translating rigorous compliance frameworks (e.g., NIST SP 800-53, FedRAMP, SOC2) into automated technical controls. Strong scripting skills (Python, bash) for developing automated security remediation lambda functions. *LI-Y Unleash Your Potential When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find bala ... (truncated, view full listing at source)