Description
The Experience
Salesforce is seeking a Technical Lead of Compliance Engineering to lead the design, deployment, and scaling of compliance automation within Product Security. This is a hands-on engineering role for someone who treats compliance requirements as specifications — and builds systems to satisfy them continuously, not periodically.
You will own the technical roadmap for encoding our Common Controls Framework (CCF) control environment as software: automated evidence pipelines, policy-as-code enforcement, continuous control testing, and agentic workflows that replace manual audit processes. Your goal is to shift compliance left — embedding it into engineering systems rather than layering it on top.
What You'll Actually Be Doing
Design and ship a compliance-as-code platform that encodes CCF controls as versioned, testable, auditable policy artifacts — moving from document-driven compliance to code-driven compliance with a CI/CD-native workflow.
Lead a program along with a team of compliance engineers to build automated evidence collection pipelines that continuously gather, validate, and normalize control evidence from disparate systems (identity, cloud infra) without human touch.
Architect and operate continuous control monitoring — real-time dashboards backed by authoritative data pipelines, not point-in-time snapshots — giving engineering and leadership live visibility into control health and drift.
Deploy agentic automation (Agentforce, Claude) to handle repeatable compliance lifecycle tasks: evidence mapping, audit inquiry drafting, gap analysis, and discrepancy resolution across integrated systems.
Own the engineering standards and code review culture for compliance artifacts — treating policies, control definitions, and evidence schemas as production code.
Partner with compliance, product and engineering as a technical counterpart: translate control requirements into precise data contracts and machine-readable policy definitions that drive automated testing rather than manual review.
You're Our Person If...
8+ years in compliance engineering, security engineering, or software engineering — with 3+ years leading technical teams building compliance or security automation systems.
Hands-on experience building automation with Apex and/or Java, Python, SQL, and SOQL; comfortable reading and writing production-grade code, not just directing others.
Deep familiarity with security control frameworks — specifically the ability to translate control language into testable, automatable specifications.
Experience building data pipelines and APIs that normalize compliance-relevant telemetry from multiple enterprise systems into a unified, queryable source of truth.
Engineering-led approach to audit: you've replaced manual evidence collection with automated pipelines and can articulate how those systems satisfy auditor scrutiny.
Familiarity with agentic or LLM-based workflows for automating unstructured tasks (inquiry response, evidence summarization, anomaly triage).
Even Better If...
Experience with Compliance as Code or Policy as Code frameworks (OPA/Rego, Cedar, or similar); comfort expressing control logic as versioned, testable code.
Proficiency with the Salesforce platform and KARL for building compliance automation on native infrastructure.
Experience with shift-left compliance — integrating control gates into CI/CD pipelines, PRs, or infrastructure provisioning workflows rather than post-deployment audits.
Experience fine-tuning or prompt-engineering LLMs for structured compliance tasks: evidence mapping, natural language control summaries, or audit response generation.
Tableau or similar for compliance reporting — built by data engineers, consumed by auditors and executives.
Salesforce Certified Technical Architect (CTA), CISSP, or CISM.
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.
