Incident Responder CSIRT - Levels

Position: Incident Responder CSIRT - Multiple Levels
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category
Enterprise Technology & Infrastructure

Job Details

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

Overview of the Role:

Salesforce is seeking an Incident Responder to join our Computer Security Incident Response Team (CSIRT). The CSIRT is responsible for 24x7x365 security monitoring and rapid incident response across all Salesforce environments. This team acts as the last line of defense, protecting company and customer data from security threats.


This candidate must be a U.S. citizen (U.S. born or naturalized) operating on U.S. Soil who does not hold dual citizenship with the ability to meet customer and government screening standards applicable to this role.

Responsibilities:

As a key member of the Global CSIRT, you will protect Salesforce's critical infrastructure and customer data from evolving security threats. You must have exceptional communication skills (verbal and written) and the ability to quickly analyze complex information. This position operates from our 24x7 operations center, requiring shift work and on call shifts, including weekends.

• Monitor and Triage Security Alerts:
  Perform 24x7 with CSIRT's Tier 1 monitoring function of security events across Salesforce environments, triaging and prioritizing alerts to help identify potential threats requiring escalation.
• Participate in Incident Response
  
  Activities:
  
  Support containment, eradication, and recovery efforts during security incidents, following established playbooks and guidance from senior team members.
• Collaborate Across Teams:
  Work closely with engineering, business, and security teams to coordinate response efforts and drive organizational security uplift.
• Document and Communicate Findings:
  Produce clear and accurate incident notes and summaries, keeping relevant stakeholders informed throughout the response process.

Required Qualifications:

• 2+ years of experience in an IT operations environment or 1+ years of specialized security operations experience.
• Deep interest and foundational knowledge of information security, including current threats and best practices.
• Knowledge of email security, controls, and header analysis.
• Understanding of operating system administration and security controls for Mac OSX, Microsoft Windows, and Linux/Unix.
• Knowledge of core network fundamentals and common Internet protocols, including DNS, HTTP, HTTPS/TLS, and SMTP.
• Familiarity with core concepts of security incident response (phases of response, vulnerabilities vs. threats vs. actors, and Indicators of Compromise (IoCs)).
• Understanding of cloud security principles and experience with leading platforms (GCP, AWS, Azure) and Kubernetes.
• Ability to build and maintain strong working relationships across internal and external teams.
• Exceptional communication skills (verbal and written)

Preferred Qualifications:

• Operational Security
  
  Experience:
  
  Strong operational experience with security infrastructure, including network and host-based intrusion detection/response solutions, WAFs, database security monitors, firewalls, proxies, antivirus, file integrity monitoring tools, and operating system logs.
• Threat Landscape Knowledge:
  In-depth understanding of the information security threat landscape (attack vectors, tools, and best practices).
• Project & Collaboration
  
  Skills:
  
  Experience contributing to cross-functional projects and collaborating with global teams, demonstrating influencing skills.
• Mindset: A continuous improvement mindset and a strong desire to learn new skills and enhance security processes.
• Certifications:
  
  Relevant industry certifications (e.g., CompTIA Security+, BTL1, SANs GCFA, GCIH) are beneficial.
• AI/ML Expertise:
  Foundational understanding of Generative AI (GenAI), Agentic AI, and prompt engineering.

This candidate must be a U.S. citizen (U.S. born or naturalized) who does not hold dual citizenship and agrees to complete a U.S. federal government Minimum Background Investigation (MBI) for a Moderate Public Trust position.

Unleash Your Potential

When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing…