Description
Role Description
Salesforce - the leader in enterprise cloud computing and one of the top 10 places to work according to Fortune magazine - is seeking an Associate CSIRT Incident Responder. Candidates must have a passion for Information Security and an elementary understanding of security monitoring and incident response.
Salesforce has one of the best Information Security teams in the world and growing this piece of the business is a top priority! Our Information Security teams work hand in hand with the business to ensure the highest security around all of our applications. The Cyber Security Incident Response Team (CSIRT) is responsible for 24x7x365 security monitoring and rapid incident response across all Salesforce environments. We are the ‘tip of the spear’ and the first line of defense protecting company and customer data from our adversaries.
Primary Responsibilities
As a key member of Global CSIRT, the Incident Responder is on the ‘front lines’ of the Salesforce production environment, forming part of a group of incident responders that protect our critical infrastructure and our customers’ data from the latest information security threats. This role also needs exceptional communication skills (verbal and written), and an ability to quickly understand sophisticated information while recognising familiar elements within sophisticated situations. This position is based in our 24x7 operations center. As a result, shift work (including on weekends, as needed) is required.
Minimum Qualifications
Strong interest in information security, including awareness of current threats and security standard methodologies
Knowledge of email security threats and security controls, including analyzing email headers
Understanding of Mac OS X, Microsoft Windows, and Linux/Unix system administration and security control fundamentals
Understanding of network fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS/TLS, and SMTP
Familiarity with core concepts of security incident response, e.g., the typical phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IoCs), etc.
Understanding of cloud security principles and experience with leading platforms (GCP, AWS, Azure) and Kubernetes for security.
The ability to build strong relationships with peers both internal and external to your functional group, and with peers/professional organizations outside your company
Strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical audiences
Desired Skills
Flexibility, drive, integrity, and creative problem-solving skills
Operational experience with network and host-based intrusion detection and response solutions, web application firewalls, database security monitoring systems, firewalls/routers/switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system logs
Experience in being part of a project team - demonstrating ability to contribute to projects across teams where influencing skills are required
Understanding of the information security threat landscape (attack vectors and tools, standard processes for securing systems and networks, etc.)
Previous experience of collaborating with global teams
A continuous improvement approach that actively seeks opportunities to enhance security
The willingness to apply yourself to learning new skills
Relevant certifications (CompTIA Security+, BTL1, SANS GCFA, GCIH, etc.) are beneficial.