Incident Responder CSIRT - Levels

Overview

Salesforce is seeking an Incident Responder to join our Computer Security Incident Response Team (CSIRT). The CSIRT is responsible for 24x7x365 security monitoring and rapid incident response across all Salesforce environments. This team acts as the last line of defense, protecting company and customer data from security threats.

• Monitor and Triage Security Alerts:
  Perform 24x7 Tier 1 monitoring of security events across Salesforce environments, triaging and prioritizing alerts to identify potential threats requiring escalation.
• Participate in Incident Response
  
  Activities:
  
  Support containment, eradication, and recovery efforts during security incidents, following established playbooks and guidance from senior team members.
• Collaborate Across Teams:
  Work closely with engineering, business, and security teams to coordinate response efforts and drive organizational security uplift.
• Document and Communicate Findings:
  Produce clear and accurate incident notes and summaries, keeping relevant stakeholders informed throughout the response process.

This position requires U.S. citizenship (U.S. born or naturalized) and operating on U.S. soil without dual citizenship, with the ability to meet customer and government screening standards applicable to this role. A U.S. federal government Minimum Background Investigation (MBI) for a Moderate Public Trust position may be required.

• 2+ years of experience in an IT operations environment or 1+ years of specialized security operations experience.
• Deep interest and foundational knowledge of information security, including current threats and best practices.
• Knowledge of email security, controls, and header analysis.
• Understanding of operating system administration and security controls for Mac OSX, Microsoft Windows, and Linux/Unix.
• Knowledge of core network fundamentals and common Internet protocols, including DNS, HTTP, HTTPS/TLS, and SMTP.
• Familiarity with core concepts of security incident response (phases of response, vulnerabilities vs. threats vs. actors, and Indicators of Compromise (IoCs)).
• Understanding of cloud security principles and experience with leading platforms (GCP, AWS, Azure) and Kubernetes.
• Ability to build and maintain strong working relationships across internal and external teams.
• Exceptional communication skills (verbal and written).

• Operational Security
  
  Experience:
  
  Strong operational experience with security infrastructure, including network and host-based intrusion detection/response solutions, WAFs, database security monitors, firewalls, proxies, antivirus, file integrity monitoring tools, and operating system logs.
• Threat Landscape Knowledge:
  In-depth understanding of the information security threat landscape (attack vectors, tools, and best practices).
• Project & Collaboration
  
  Skills:
  
  Experience contributing to cross-functional projects and collaborating with global teams, demonstrating influencing skills.
• Mindset: A continuous improvement mindset and a strong desire to learn new skills and enhance security processes.
• Certifications:
  
  Relevant industry certifications (e.g., CompTIA Security+, BTL1, SANs GCFA, GCIH) are beneficial.
• AI/ML Expertise:
  Foundational understanding of Generative AI (GenAI), Agentic AI, and prompt engineering.

If you need a reasonable accommodation during the application or the recruiting process, please submit a request via this Accommodations Request Form.

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that Salesforce believes in equality for all and strives to create a workplace inclusive and free from discrimination. Know your rights: workplace discrimination is illegal. Salesforce is committed to fair and merit-based decisions in recruiting, hiring, promotion, and compensation, without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, disability, veteran status, or other protected classifications.

In the United States, compensation offered will be determined by factors such as location, job level, knowledge, skills, and experience. Some roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers benefits including time off programs, medical, dental, vision, mental health support, parental leave, life and disability insurance, 401(k), and an employee stock purchase program. For more details, see the Salesforce benefits site.

Salesforce will consider qualified applicants with arrest and conviction records as required by law.

At Salesforce, we value equitable compensation practices reflecting regional labor markets. The typical base salary range for this position is $96,300 - $176,700 annually; in some cities, the range may be $116,000 - $194,200 annually. This range represents base salary only and does not include bonuses,…