Salesforce.com, Inc Jobs

Mobile salesforce Logo

Job Information

Salesforce.com, Inc Cyber Detection, Incident Response, Cryptography, & Threat Engineers in Herndon, Virginia

Job CategoryProducts and Technology

Job Details

Open roles include:

Job level dependent on experience

Detection Engineer

Threat Intel Engineer

Threat & Vulnerability Management Engineer

PSIRT Engineer

CSIRT Engineer

Endpoint Security Engineer

Cryptography Engineer

PKI Engineer

Salesforce is looking to add to our expanding security organization. We're seeking Security Operations Engineers who are passionate about security and have had hands-on operational experience with infrastructure at a cloud scale. The Security Operations team is responsible for helping ensure that Salesforce becomes the most secure and compliant enterprise cloud solution. Security Operations includes the Detection Cloud, CSIRT, Threat & Vulnerability Management and Threat Intelligence teams among others. This group manages a fast-paced and constantly growing environment that seeks to implement cutting-edge technology to secure the infrastructure behind one of the world's largest business driving technologies. As a member of one of these Security Operations teams, you understand modern cyber threats, how to detect them, how to efficiently respond to them, and an interest in growing as a cyber security professional.

All Positions Require:

  • A passion for Information Security

  • Attention to detail

  • Experience in Information Security, including security operations

  • Security incident response in coordination with other teams across the company and/or externally as required

  • Monitoring devices such as network and host-based intrusion detection systems, web application firewalls, database security monitoring systems, firewalls/routers/switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system logs.

  • Understanding of attack vectors and tools as well as the best practices for securing systems and networks

  • Strong technical understanding of network fundamentals and common Internet protocols

  • Strong understanding of the information security threat landscape (attack vectors and tools, best practices for securing systems and networks, etc.)

  • Familiarity with Microsoft Windows, Mac OSX, and Linux/Unix system administration and security controls

  • Formulating and implementing monitoring, policies, procedures and standards relating to system security

  • Support ongoing and new security/compliance initiatives

  • The ability to build strong relationships with peers both internal and external to your functional group, and with peers/professional organizations outside your company

  • Must have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff.

  • Some travel may be required

  • Job level dependent on experience

Cryptography Engineer:

As a key member of our team, the Cryptography engineer will work on the 'front lines' of the salesforce production environment, the largest SaaS platform on the planet, protecting our critical infrastructure and proactively defending our customers' data. A Cryptography Engineer is responsible for enhancing the security of our production systems, developing the tools to help us maintain and report on our security posture, ensuring that we maintain our external security certifications, and deploying and maintaining the security systems in our production data centers.

Responsibilities:

  • Engineering and supporting security solutions in a large scale environment.

  • Experience in security process and enterprise organizational design and security specific architecture methodologies, including application security.

  • Management/Review of systems security configurations.

  • System vulnerability assessments and remediation, including the assessment/deployment of vendor security updates.

  • Support ongoing and new security/compliance initiatives.

  • Security incident response in coordination with other security teams across the company and/or externally as required.

  • Deploy and manage security systems.

  • Design and development of tools to automate security or security reporting tasks.

Detection Cloud Engineers

Required Skills/Experience:

  • Experience analyzing security event data for anomalies. web application firewalls, database security monitoring systems, firewalls/routers/switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system logs

  • Experience managing intrusion detection systems (such as Suricata or Sourcefire)

  • Experience configuring security incident and event management tools (such as LogRhythm, Symantec SIM, LogLogic), including creating event filtering and correlation rules and reports.

  • Ability to write intrusion detection system rules

Desired Skills/Experience:

  • Strong scripting skills (i.e. Python/Perl, shell scripting) a significant plus

  • Experience with Splunk or ElasticSearch

  • Relevant information security certifications OSCP, OSCE, SANS GCIA, SANS GCIH, SANS GPEN, SANS GFCA and CISSP

Threat Intelligence Engineers

Required Skills/Experience:

  • Strong research background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis

  • Strong background in query development for SIEM/IDS

  • In depth understanding of APT TTP’s

  • Demonstrated understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation

  • Demonstrated hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, PCAP, Flow Log), and other artifacts in support of incident investigations.

  • Experience with malware analysis concepts and methodology

  • Motivated self-starter with strong written and verbal communications skills, and the ability to create complex technical reports on analytic findings

Desired Skills/Experience:

  • Strong scripting skills (i.e. Python/Perl, shell scripting) a significant plus

  • Experience with Splunk or ElasticSearch

Threat & Vulnerability Management Engineers

Responsibilities:

  • System vulnerability assessments and remediation, including the assessment/deployment of vendor security updates

  • Security incident response in coordination with other teams across the company and/or externally as required

  • Design and develop tools to automate operations or reporting tasks

  • Support ongoing and new service/compliance initiatives

Required Skills /Experience:

  • Demonstrated understanding of general Unix/Linux systems administration (Or similar, e.g. Ubuntu, Solaris, etc.)

  • Working knowledge of standard Unix infrastructure tools/protocols (DHCP, DNS, NTP, SYSLOG, SSH, IPSec etc.)

  • Knowledge of host based security

  • Basic cross-functional understanding of network engineering concepts and protocols (e.g., TCP, UDP, SSL, etc.)

  • Experience with writing scripts and automation (Perl, Go, Shell, Python, etc)

  • Working in high-availability, 24x7x365 large-scale multi-data center environment

  • Experience with vulnerability scanning, web development, and server administration experience

PSIRT Engineer

Responsibilities:

  • Confirm reported vulnerabilities in Salesforce products

  • Work closely with customers and security researchers to understand vulnerability reports

  • Assess and measure the risk presented by vulnerabilities

  • Measure the exploitability of vulnerabilities based on mitigating controls

  • Document proof of concept exploitation steps

  • Research known vulnerabilities to reduce reporting duplicate findings

  • Establish priority level for remediation with product development teams

  • Establish proper team ownership for remediation activities

  • Register finding and related information for proper tracking

  • Direct investigations into previous exploitation of new findings

  • Direct creation of detection technologies while remediation takes place

  • Work with other teams to prepare responses for questions related to vulnerabilities

  • Support teams responsible for approving external security assessment requests

  • Perform research on new attacks and present new findings to both internal and external audiences

  • In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25

Endpoint Security Engineers

As the Endpoint Security Engineer, you will be focused on protecting Salesforce assets from threats. In this role, you’ll be responsible for ensuring Salesforce’s suite of endpoint security tools are deployed on every supported endpoint.

Required Skills/Experience:

  • Experience managing client-server architectures.

  • Must have strong problem-solving and analytical skills and demonstrate poise and ability to act calmly and competently in high-pressure, high-stress situations.

  • Must have a fundamental understanding of accepted security practices, troubleshooting issues, attack vectors, and customer support.

  • Strong operational knowledge of Windows Server, Windows Client, Linux, Mac, iOS, Android Operating Systems.

  • Strong understanding of Network Protocols.

  • A clear understanding of the OSI model, TCP/IP and industry-standard defensive concepts.

  • Experience operating, troubleshooting, installing, and configuring endpoint security solutions (e.g. Antivirus, Application Whitelisting, Host Intrusion Prevention and Firewall, Forensic Analysis Tools, Advanced Malware Solutions, IOC Sweepers).

  • Experience deploying and configuring various security tools on large enterprise endpoints.

  • Responsible for scheduling, testing, and implementing enhancements or new releases of the endpoint security stack.

Salesforce, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes’s “World’s Most Innovative Company”

  • *LI-Y

Posting Statement

Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay fees to any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

Founded in 1999, Salesforce is the global leader in Customer Relationship Management (CRM). Companies of every size and industry are using Salesforce to transform their businesses, across sales, service, marketing, commerce, and more by connecting with customers in a whole new way. We harness technologies that can revolutionize companies, careers, and, hopefully, our world.

Salesforce is built on a set of four core values: Trust, Customer Success, Innovation, and Equality. By making technology more accessible, we're helping create a future with greater opportunity and equality for all. This has taken our company to great heights, including being ranked by Fortune as one of the “Most Admired Companies in the World” and one of the “100 Best Companies to Work For” eleven years in a row, and named “Innovator of the Decade” and one of the “World’s Most Innovative Companies” eight years in a row by Forbes.

There are those who choose to work with the best and brightest. And then, there are those who want to do more than just a job. They are the ones improving lives, not only their careers. Having an impact now instead of later. Doing something that’s so much bigger than themselves, an industry, and their company.

We believe everyone can be a Trailblazer. Join Salesforce and discover a future of new opportunities.

DirectEmployers