Founded: 1999
Employees: 10000
Computer Software

Cyber Detection, Response, & Threat Engineers

Job Category

Products and Technology

Job Details

Open roles include:

Job level dependent on experience


Detection Engineer

CSIRT Engineer

Security Operations Engineer


Salesforce is looking to add to our expanding security organization. We're seeking Security Operations Engineers who are passionate about security and have had hands-on operational experience with infrastructure at a cloud scale.  The Security Operations team is responsible for helping ensure that Salesforce becomes the most secure and compliant enterprise cloud solution. Security Operations includes the Detection Cloud, CSIRT, and Threat Intelligence teams among others. This group manages a fast-paced and constantly growing environment that seeks to implement cutting-edge technology to secure the infrastructure behind one of the world's largest business driving technologies.  As a member of one of these Security Operations teams, you understand modern cyber threats, how to detect them, how to efficiently respond to them, and an interest in growing as a cyber security professional.


All Positions Require:

  • A passion for Information Security

  • Attention to detail

  • Experience in Information Security, including security operations

  • Security incident response in coordination with other teams across the company and/or externally as required

  • Monitoring devices such as  network and host-based intrusion detection systems, web application firewalls, database security monitoring systems, firewalls/routers/switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system logs.

  • Understanding of attack vectors and tools as well as the best practices for securing systems and networks

  • Strong technical understanding of network fundamentals and common Internet protocols

  • Strong understanding of the information security threat landscape (attack vectors and tools, best practices for securing systems and networks, etc.)

  • Familiarity with Microsoft Windows, Mac OSX,  and Linux/Unix system administration and security controls

  • Formulating and implementing monitoring, policies, procedures and standards relating to system security

  • Support ongoing and new security/compliance initiatives

  • The ability to build strong relationships with peers both internal and external to your functional group, and with peers/professional organizations outside your company

  • Must have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff.

  • Some travel may be required

  • Job level dependent on experience


Detection Cloud Engineers

Required Skills/Experience:

  • Experience analyzing security event data for anomalies. web application firewalls, database security monitoring systems, firewalls/routers/switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system logs

  • Experience managing intrusion detection systems (such as Suricata or Sourcefire)

  • Experience configuring security incident and event management tools (such as LogRhythm, Symantec SIM, LogLogic), including creating event filtering and correlation rules and reports.

  • Ability to write intrusion detection system rules

Desired Skills/Experience:

  • Strong scripting skills (i.e. Python/Perl, shell scripting) a significant plus

  • Experience with Splunk or ElasticSearch

  • Relevant information security certifications OSCP, OSCE, SANS GCIA, SANS GCIH, SANS GPEN, SANS GFCA and CISSP


CSIRT Engineers

The Security Incident Handler is responsible for leading the response to low and medium severity incidents and participating in the response to high severity incidents. This position is based in our 24x7 operations center and may require occasional weekend on-call shifts.


Required Skills:

  • Security monitoring, triaging and response experience in a 24/7/365 environment

  • Understanding of  internet protocols (DNS, HTTP, HTTPS/TLS, SMTP)

  • Responding to security incidents in a production environment, such as investigating and remediating possible endpoint malware infections and mitigating email borne threats such as spam and phishing.

Desired Skills:

  • System forensics/investigation skills, including analyzing system artifacts (file system, memory, running processes, network connections) for indicators of infection/compromise.

  • ​Scripting skills (i.e. Python/Perl, shell scripting) a significant plus.

  • Relevant information security certifications, such as CISSP, SANS GCIA, SANS GCIH, SANS GPEN, SANS GCFA, Offensive Security OSCP.


Threat Intelligence Engineers

Required Skills/Experience:

  • Strong research background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis

  • Strong background in query development for SIEM/IDS

  • In depth understanding of APT TTP’s

  • Demonstrated understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation

  • Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, PCAP, Flow Log), and other artifacts in support of incident investigations.

  • Experience with malware analysis concepts and methodology

  • Motivated self-starter with strong written and verbal communications skills, and the ability to create complex technical reports on analytic findings

Desired Skills/Experience:

  • Strong scripting skills (i.e. Python/Perl, shell scripting) a significant plus

  • Experience with Splunk or ElasticSearch

Salesforce, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes’s “World’s Most Innovative Company” five years in a row and one of Fortune’s “100 Best Companies to Work For” eight years in a row. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana (Hawaiian for "family") made up of our employees, customers, partners, and communities, we are working to improve the state of the world!​


Posting Statement and are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. and do not accept unsolicited headhunter and agency resumes. and will not pay fees to any third-party agency or company that does not have a signed agreement with or

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

Map / List