Description
About the Role
Join Salesforce's Detection, Analysis and Response (DAR) team as a CSIRT Senior Incident Manager, where you'll play a critical role in protecting one of the world's leading cloud platforms. In this position, you'll act as Incident Commander for high-severity security incidents and Vulnerability Commander for critical vulnerabilities, leading coordinated response efforts across Salesforce's commercial environments.
What You'll Do
Incident & Vulnerability Leadership
Serve as Incident Commander (IC) for high-severity security incidents (Sev 0-2) and Customer Owned Security Incidents (COSI), and as Vulnerability Commander (VC) for priority vulnerabilities requiring customer action
Lead response strategy and coordination for diverse critical incidents including supply chain attacks, third-party breaches, connected app compromises, large-scale account takeover campaigns, platform vulnerabilities, and insider threats
Establish clear command structures, delegate tasks effectively, and oversee technical workstreams including containment, forensics, and remediation
Ensure timely engagement of stakeholders and maintain accurate, real-time documentation within established SLAs
Training & Preparedness
Develop and conduct security tabletop exercises and drills to enhance organizational readiness
Create training programs for incident response teams and identify gaps in current response plans
Facilitate preparations for future incidents through scenario planning and stakeholder engagement
Process Excellence
Drive continuous improvement of incident management processes, protocols, and playbooks
Lead post-incident lessons learned exercises and develop corrective action programs
Maintain incident response tools, communication channels, and access controls
Review and optimize response procedures based on operational experience
Strategic Integration & Growth
Support security integration for newly acquired companies, including security posture assessments and capability evaluations
Facilitate onboarding tabletop exercises to align acquired organizations with Salesforce incident response processes and expectations
Collaborate with cross-functional security teams during acquisition integration activities
Global Operations
Participate in 24/7 global coverage including rotating weekend and holiday on-call responsibilities
Coordinate seamless handoffs across our three major global regions
Support business continuity planning to ensure effective operations during disruptions
Required Qualifications
Proven experience as an Incident Commander with hands-on leadership of complex security incidents
Deep expertise coordinating responses to critical events such as supply chain attacks, third-party breaches, large-scale campaigns, and platform vulnerabilities
Demonstrated crisis leadership skills with ability to establish command structures and make critical decisions under pressure
Exceptional written and verbal communication skills for stakeholder management
Experience developing or managing security programs for organizational preparedness
Proven ability to work effectively in global 24/7 operations
Preferred Qualifications
Industry certifications such as GCIH, CISSP, or CISM
Experience conducting post-mortem exercises and driving process improvements
Background in vendor management and external security engagements
Familiarity with M&A security assessments and integration processes
Experience in highly regulated environments
Knowledge of security automation and case management tools
Location: Sydney (Office-flex arrangement: 3 days in-office)
This role offers the opportunity to make a significant impact on global security operations while working with cutting-edge technology and a world-class security team. You'll be at the forefront of protecting customers and their data across Salesforce's ecosystem, while contributing to the company's continued growth.