Incident Response Analyst with TS/SCI clearance (on site Northern Virginia)This is a customer-facing role and will require you to be on-site in Northern Virginia. This is NOT a remote position.
Salesforce - the leader in enterprise cloud computing and one of the top 10 places to work according to Fortune magazine - is seeking an Incident Response Analyst for our Government Cloud Security Operations team.
As part of the Salesforce National Security (SNS) Cloud Security Operations (SecOps), the Incident Response Analyst will work on the 'front lines' of Salesforce environments supporting US Government agencies and departments performing national security functions. SNS Cloud SecOps protects our critical infrastructure and our customers' data from the latest information security threats. SNS Cloud SecOps is responsible for 24x7x365 security monitoring, security operations, real-time analysis of security alert data, and rapid incident response across SNS Cloud environments.
PLEASE NOTE: Qualification for this job is contingent upon acceptable results from a background investigation as well as your having and maintaining the specific level of U.S. government background investigation and clearance required for this role.
Role Description: The Incident Response Analyst will respond to and investigate cyber security events within the SNS Cloud environments, track and document security events and incidents in a ticketing system, and analyze log data for signs of malicious activity in a Security Information and Event Manager (SIEM).The Analyst will need to work across multi-disciplined teams to coordinate incident response actions for high-priority, high-transparency operations security issues to drive toward a resolution while meeting required service-level agreements, escalating as appropriate, and providing regular updates to senior leaders.This position offers a challenging opportunity to be exposed to a diverse set of security disciplines, including incident response, forensics, reverse engineering, malware analysis, intrusion detection, network security, and system security.This position provides opportunities to automate workflows and processes, develop new analytics and apply mitigations for adversary Tactics, Techniques, and Procedures (TTPs), and hunt for undetected indicators of compromise.This position may require you to provide periods of 24x7 on-call support on an as-needed basis.As we work with Government customers, this position may require occasional local travel to customer sites.Minimum Qualifications: The candidate must be a U.S. citizen and must have an active U.S. Government Top Secret/SCI security clearance with Polygraph.A related technical degree, such as Computer Science, Software Engineering, Cybersecurity, Information Assurance, or equivalent work experience.4+ years experience in cybersecurity, engineering, and/or incident response roles.Strong interpersonal and communication skills required for coordinating responses to sophisticated incidents across the organization with many non-technical and technical stakeholders.Strong problem solving ability to determine solutions to encountered or anticipated challenges.Robust technical understanding of the information security threat landscape (attack vectors and tools, best practices for securing systems and networks, etc.).An in-depth understanding of TCP/IP network protocols and application layer protocols (e.g., HTTP, SMTP, DNS, etc.).Experience with one or more SIEMs, like Splunk, Azure Sentinel, ElasticStack, etc.Desired Skills: Technical understanding of the information security threat landscape, to include attack vectors, tools, best practices for securing systems and networks, etc.Familiarity with incident response and security operations within cloud environments.Familiarity with Mac OSX, Microsoft Windows, and Linux/Unix system administration and security controls.Technical understanding of AWS, Azure, or GCP administration and security controls.Experience creating and managing event and metric dashboards with tools like Splunk, Kibana, Grafana, etc.Experience with data query languages, such as SQL, SPL, GraphQL, etc.Scripting language (i.e. Bash, Python, etc.) and workflow automation experience.Operational experience monitoring devices such as network and host-based intrusion detection systems, web application firewalls, database security monitoring systems, firewalls/routers/switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system logs.System forensics/investigation skills, including analyzing system artifacts (file system, memory, running processes, network connections) for indicators of infection/compromise.Relevant information security certifications, such as CISSP, GCFR, GCIA, GCIH or other related certifications.#LI-Y
Accommodations
If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more.
Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.
#J-18808-Ljbffr