Senior Incident Responder, CSIRT - APAC

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category
Enterprise Technology & Infrastructure

Job Details

About Salesforce

We're Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too - driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good - you've come to the right place.

Salesforce - the leader in enterprise cloud computing - is seeking a Senior Incident Responder in our Cyber Security Incident Response Team (CSIRT). Candidates must have a passion for Information Security and a firm understanding of security monitoring and incident response.

As a key member of our growing Global CSIRT, the Senior Incident Responder is on the 'front lines' of the Salesforce production environment; leading a group of incident responders that protect our critical infrastructure and our customers' data from the latest information security threats. You will be contributing to significant CSIRT projects, conducting threat hunts, enhancing detection and incident response capabilities, and improving core CSIRT workflows and processes.

Working hours correspond to our "follow the sun" operating model and shift according to daylight savings during the year. You are required to do on-call as part of a regular rotation. Applicants must meet all visa requirements to work and live in Australia.

REQUIRED SKILLS:

Minimum 5+ years of prior specialised security operations experience consisting of:

• Flexibility, drive, integrity, and creative problem-solving skills
• Operational experience performing incident response with Endpoint Detection and Response (EDR) solutions i.e. Crowdstrike etc.
• Operational experience with log analysis platforms i.e. Splunk, Google Security Operations etc.
• The ability to build strong relationships with peers both internal and external to your functional group, and with peers/professional organisations outside your company
• Customer-centric attitude and focus on providing best-in-class service for customers and stakeholders
• The willingness to apply yourself to learning new skills and gaining certifications
• Strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical audiences
• Operational experience responding to security incidents in a production environment, such as investigating and remediating large scale network compromise, possible endpoint malware infections and attacker enterprise tactics
• Familiarity with core concepts of security incident response, e.g., the typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc.
• Understanding of network fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS/TLS, and SMTP
• Understanding of incident response and security operations within public cloud environments (e.g. AWS, Azure, or GCP)
• Understanding of Mac OSX, Microsoft Windows, and Linux/Unix system administration and security control fundamentals
• Experience in being part of a project team - demonstrating ability to contribute to projects across teams where influencing skills are required
• Previous experience of collaborating with global teams

DESIRED SKILLS:

• Understanding of the information security threat landscape (attack vectors and tools, best practices for securing systems and networks, etc.)
• Working proficiency with programming /scripting languages is a plus: i.e. Python, Bash, Go, PowerShell
• Working knowledge of malware reverse engineering
• Relevant information security certifications, such as: BTL1, ISC2 CISSP, CERT CSIH, E-Council E|CIH, SANS GCIH, GCFA, GCFE, GX-IH, GX-FA and other related certifications

#LI-Y

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.

Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.

Salesforce welcomes all.