×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Data Security AI Engineer Cloud Computing

Threat Intelligence Automation Developer; Orchestration

Job in McLean, Fairfax County, Virginia, USA
Listing for: salesforce.com, inc.
Full Time position
Listed on 2026-06-02
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, AI Engineer, Cloud Computing
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below
Position: Threat Intelligence Automation Developer (Orchestration)

Overview

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. Innovation is a way of life. Salesforce seeks Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Agentforce is the future of AI, and you are the future of Salesforce.

Role Description

In the capacity of a Threat Intelligence Automation Developer, you operate at the nexus of security analysis and systems development within our Counter-Threat Operations. Your objective is to convert massive streams of adversary data into meaningful insights by engineering and optimizing large-scale automated pipelines. You will architect the essential framework that empowers TI, SOC, and IR practitioners to outpace modern threats and drive initiatives to expand threat group tracking, analyze malicious campaigns, and streamline intelligence delivery across the security ecosystem.

Key Responsibilities
  • Engineering & Systems Orchestration:
    Architect and implement bespoke programmatic solutions and cross-platform integrations within the Threat Intelligence Platform and SOAR ecosystems to drive high-velocity security operations at scale.
  • Strategic

    Collaboration:

    Work alongside Threat Researchers to decode adversary tradecraft, transforming manual workflows into automated detection frameworks.
  • Collections Leadership:
    Function as a pivotal member of the Collections Team; oversee evaluation of novel data streams and authorize sophisticated data ingestion and normalization initiatives.
  • Intelligence Lifecycle Refinement:
    Optimize the intelligence production cycle by engineering automations that reduce manual processing and empower analysts to focus on complex analysis.
  • Design and orchestrate systems where AI agents integrate into human workflows to drive efficiency and innovation at scale.
  • Contribute to building and maintaining the shared system context as a repository of system designs, constraints, and standards for reliable AI operation.
Minimum Requirements
  • A minimum of three years within the cybersecurity domain, including at least one year in security engineering, Dev Sec Ops , or automation workflows.
  • Advanced Python development ability;
    Bash and JavaScript for orchestration and scripting are highly desirable.
  • Hands-on experience implementing SOAR platform orchestration using industry-standard tools (e.g., Palo Alto Cortex XSOAR, Splunk Phantom, Tines, Swimlane).
  • Familiarity with Threat Intelligence Platforms such as Vertex Synapse, Threat Connect, Anomali, or MISP.
  • Experience normalizing unstructured data via RESTful APIs and Regex, mapping digital footprints into JSON or the Synapse Data Model.
  • Mastery of version control (git) and CI/CD practices in security engineering workflows.
  • Experience building on AWS; operational knowledge of Linux/Unix.
  • Experience using AI tools in development workflows and advanced prompt engineering to produce reliable, secure AI outputs.
  • Understanding of large-scale distributed system design and a builder mindset to create programmatic solutions.
  • Ability to collaborate effectively within a global, remote workforce.
  • Bachelor's degree in Cybersecurity, Computer Science, or related technical discipline; or equivalent professional experience.
Preferred Requirements
  • Experience using Threat Intelligence Platforms and building integrations with these platforms.
  • Experience with security analysis tools (Jupyter notebooks, Splunk, Elastic Search, etc.).
  • Experience with Microsoft Azure and Google Cloud.
  • Graph modeling expertise using Vertex Synapse or similar graph databases to map adversary relationships.
  • Cloud-native automation and serverless experience in AWS Lambda or Azure Functions.
  • Relevant credentials such as GCTI, GPYC, or SOAR certifications.
  • Experience applying all skills at scale in a large, complex environment.

Equity and accommodations statements:

Salesforce is an equal opportunity employer. If you need a reasonable accommodation during the application process, please submit a request via the Accommodations Request Form. Salesforce uses AI tools in recruitment, but humans make final hiring decisions. See the Candidate Privacy Statement for details on data usage and opt-out options.

#J-18808-Ljbffr
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search