Salesforce - the leader in enterprise cloud computing - is seeking a Senior Incident Responder in our Cyber Security Incident Response Team (CSIRT). Candidates must have a passion for Information Security and a firm understanding of security monitoring and incident response.
As a key member of our growing Global CSIRT, the Senior Incident Responder is on the 'front lines' of the Salesforce production environment; leading a group of incident responders that protect our critical infrastructure and our customers' data from the latest information security threats. You will be contributing to significant CSIRT projects, conducting threat hunts, enhancing detection and incident response capabilities, and improving core CSIRT workflows and processes.
Working hours correspond to our "follow the sun" operating model and shift according to daylight savings during the year. You are required to do on-call as part of a regular rotation. Applicants must meet all visa requirements to work and live in Australia.
REQUIRED SKILLS: Minimum 5+ years of prior specialised security operations experience consisting of:
Flexibility, drive, integrity, and creative problem-solving skills
Operational experience performing incident response with Endpoint Detection and Response (EDR) solutions i.e. Crowdstrike etc.
Operational experience with log analysis platforms i.e. Splunk, Google Security Operations etc.
The ability to build strong relationships with peers both internal and external to your functional group, and with peers/professional organisations outside your company
Customer-centric attitude and focus on providing best-in-class service for customers and stakeholders
The willingness to apply yourself to learning new skills and gaining certifications
Strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical audiences
Operational experience responding to security incidents in a production environment, such as investigating and remediating large scale network compromise, possible endpoint malware infections and attacker enterprise tactics
Familiarity with core concepts of security incident response, e.g., the typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc.
Understanding of network fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS/TLS, and SMTP
Understanding of incident response and security operations within public cloud environments (e.g. AWS, Azure, or GCP)
Understanding of Mac OSX, Microsoft Windows, and Linux/Unix system administration and security control fundamentals
Experience in being part of a project team - demonstrating ability to contribute to projects across teams where influencing skills are required
Previous experience of collaborating with global teams
DESIRED SKILLS: Understanding of the information security threat landscape (attack vectors and tools, best practices for securing systems and networks, etc.)
Working proficiency with programming /scripting languages is a plus: i.e. Python, Bash, Go, PowerShell
Working knowledge of malware reverse engineering
Relevant information security certifications, such as: BTL1, ISC2 CISSP, CERT CSIH, E-Council E|CIH, SANS GCIH, GCFA, GCFE, GX-IH, GX-FA and other related certifications
#LI-Y
#J-18808-Ljbffr