Incident Responder CSIRT - Levels
Listed on 2026-06-03
IT/Tech
Cybersecurity, Network Security
Overview
Salesforce is seeking an Incident Responder to join our Computer Security Incident Response Team (CSIRT). The CSIRT is responsible for 24x7x365 security monitoring and rapid incident response across all Salesforce environments. This team acts as the last line of defense, protecting company and customer data from security threats.
Responsibilities
- Monitor and triage security alerts: Perform 24x7 Tier 1 monitoring of security events across Salesforce environments, triaging and prioritizing alerts to identify potential threats requiring escalation.
- Participate in incident response activities: Support containment, eradication, and recovery efforts during security incidents, following established playbooks and guidance from senior team members.
- Collaborate across teams: Work with engineering, business, and security teams to coordinate response efforts and drive security improvements.
- Document and communicate findings: Produce clear incident notes and summaries, keeping relevant stakeholders informed throughout the response process.
- 2+ years of experience in an IT operations environment or 1+ years of specialized security operations experience.
- Foundational knowledge of information security, current threats, and best practices.
- Knowledge of email security, controls, and header analysis.
- Understanding of OS administration and security controls for Mac OSX, Windows, and Linux/Unix.
- Knowledge of core network fundamentals and common Internet protocols (DNS, HTTP, HTTPS/TLS, SMTP).
- Familiarity with security incident response concepts (phases of response, IoCs, vulnerabilities vs. threats).
- Understanding of cloud security principles and experience with leading platforms (GCP, AWS, Azure) and Kubernetes.
- Ability to build and maintain strong working relationships across internal and external teams.
- Excellent verbal and written communication skills.
- Operational security experience with security infrastructure (IDS/IPS, WAFs, database security monitors, firewalls, proxies, endpoint protection, log analysis).
- Threat landscape knowledge and ability to analyze attack vectors and tools.
- Project and collaboration skills with global teams; demonstrated influencing ability.
- Continuous improvement mindset and willingness to learn new security skills.
- Certifications such as CompTIA Security+, GCFA, GCIH are beneficial.
- Foundational understanding of Generative AI (GenAI), Agentic AI, and prompt engineering.
This candidate must be a U.S. citizen (U.S. born or naturalized) who does not hold dual citizenship and agrees to complete a U.S. federal government Minimum Background Investigation (MBI) for a Moderate Public Trust position.
Salesforce is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. This policy applies to all employment actions, including recruitment, hiring, promotion, compensation, and termination.
Notes
Posting is subject to change. If you need a reasonable accommodation during the application or recruiting process, please submit a request via the Accommodations Request Form.