Information Security Administrator - CSIRT

Own Company

IT
Dublin, Ireland
Posted on Apr 9, 2026

Description

The Computer Security Incident Response Team (CSIRT) at Salesforce deals with the most challenging problems in information security. When you're first reading about a new issue in the news, our CSIRT is already working on it! The pace and variety of our work create a unique learning environment, whether you are starting out or have deep security experience. You will be given unique challenges and the tools to solve them, surrounded by exceptional colleagues, and supported by incredibly helpful partner teams.

The Computer Security Incident Response Team (CSIRT) is the frontline of defense for Salesforce and is responsible for 24x7x365 security monitoring, security operations, real-time analysis of security alert data, and rapid incident response across multiple Salesforce environments. This team protects the confidentiality, integrity, and availability of company and customer data.

As a key member of our growing team, the incident responder will work on the 'front lines' of the Salesforce environment, working with a team that protects our critical infrastructure and our customers' data from the latest information security threats.

Responsibilities:

The Associate Incident Responder, CSIRT will be part of the monitoring and triage arm of Salesforce CSIRT, responsible for analysing events across a large and complex environment in order to identify security incidents and protect our customers.

Incident Responders use their exceptional judgment and security expertise to distinguish real threats from "noise". In a typical hour, an Incident Responder might examine a malicious email, investigate an unusual login, and analyze a PC with a potential malware issue. Between these events, they will interact with Salesforce colleagues around the world, who contact Salesforce Security with issues ranging from missing laptops to suspicious devices found in our offices.

A successful Incident Responder will have acute attention to detail and a logical approach to analysis and problem-solving. This role also needs exceptional communication skills (verbal and written), and an ability to quickly understand complex information while recognizing familiar elements within complex situations. The ideal candidate should have an interest in developing automation and exploring AI for operations and response.

Required Skills:

  • Strong interest in information security, including awareness of current threats and security best practices

  • Understanding of Windows, Linux, and Mac operating systems and command-line tools.

  • Expertise in a few core IR skills (incident response, network security, storage and access security, sandboxing, compute security, etc.)

  • In-depth understanding of network fundamentals and common Internet protocols, such as DNS, HTTP, HTTPS / TLS, and SMTP

  • Knowledge of analyzing network traffic logs, to investigate either security issues or complex operational issues

  • Knowledge of email security threats and security controls, including analyzing email headers

  • Foundational understanding of cloud security principles and experience with leading platforms (GCP, AWS, Azure) and Kubernetes for security.

  • A continuous improvement mindset that actively seeks opportunities to enhance security practices, tools, and methodologies, while incorporating automation and innovative solutions.

  • Self-motivated, excellent communication, and collaboration skills to effectively work in a team and engage with stakeholders.

Desired Skills & Experience

The following items are not hard requirements but would be an advantage:

  • Bachelor's/Master's degree in Computer Science, Cybersecurity, or a related field.

  • Knowledge of XSOAR, EDR, and SIEM tools would be a plus.

  • Scripting language (e.g. Bash, Python, PowerShell, etc.) or any automation experience/prompt engineering.

  • Familiarity with OWASP's Top 10 vulnerabilities and experience in mitigating them.

  • Foundational understanding of GenAI/AgenticAI

  • Prior experience in a fast-paced operational environment.

  • Possessing a strong understanding of the MITRE ATT&CK framework and the ability to apply its tactics, techniques, and procedures (TTPs) is highly beneficial for conducting comprehensive case triage and investigation.

  • Relevant certifications (CompTIA Security+, Security Blue Team, GIAC GCFA, GCIH, etc.) are beneficial.