×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Data Security Security Manager

Threat Intelligence Automation Developer; Orchestration

Job in Seattle, King County, Washington, 98127, USA
Listing for: Salesforce
Full Time position
Listed on 2026-05-15
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, Security Manager
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below
Position: Threat Intelligence Automation Developer (Orchestration)

Job Details

Job Category: Software Engineering

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we’re looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce’s core values at the heart of it all.

Overview

of the Role

Our Threat Intelligence team focuses on defending Salesforce and our customers by cutting through the noise and identifying who’s targeting us and what emerging threats we need to prepare for. Our team includes those who have faced nation‑state, eCrime, and other types of adversaries in threat intelligence, incident response, and/or threat detection functions in past lives. We use our wide expertise to drive direction, support investigations, and uplift security as a whole across Salesforce.

In the capacity of a Threat Intelligence Automation Developer, you operate at the nexus of security analysis and systems development within our Counter‑Threat Operations. Your objective is to convert massive streams of adversary data into meaningful insights by engineering and optimizing large‑scale automated pipelines. Beyond simply processing data, you will architect the essential framework that empowers our Threat Intelligence (TI), Security Operations Center (SOC), and Incident Response (IR) practitioners to outpace modern threats.

You will drive initiatives to expand our tracking of threat groups, analyze malicious campaigns, and streamline the delivery of intelligence across the entire security ecosystem.

Location(s)

Washington, D.C. | McLean, VA | Seattle, WA | San Francisco, CA

Responsibilities
  • Engineering and Systems Orchestration:
    Architect and implement programmatic solutions and cross‑platform integrations within the Threat Intelligence Platform (TIP) and Security Orchestration, Automation, and Response (SOAR) ecosystems to drive high‑velocity security operations at scale.
  • Strategic

    Collaboration:

    Work alongside Threat Researchers to decode sophisticated adversary tradecraft, transforming manual investigative workflows into automated and repeatable detection frameworks.
  • Collections Leadership:
    Function as a pivotal member of the Collections Team; oversee the evaluation of novel data streams and serve as the technical authority for sophisticated data ingestion and normalization initiatives.
  • Intelligence Lifecycle Refinement:
    Optimize the intelligence production cycle by engineering automations that eliminate manual processing burdens, empowering practitioners to prioritize complex strategic analysis.
  • Design and orchestrate complex systems where AI agents integrate seamlessly into human workflows, driving efficiency and innovation at scale.
  • Contribute to building and maintaining the shared system context—an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.
Required Qualifications
  • A minimum of three years within the cybersecurity domain, including at least one year dedicated to security engineering, Dev Sec Ops , or automation workflows.
  • Advanced Python development ability for complex programmatic requirements; additional proficiency in Bash and JavaScript for orchestration and frontend‑adjacent scripting is highly desirable.
  • Hands‑on experience implementing SOAR platform orchestration utilizing industry‑standard tools such as Palo Alto Cortex XSOAR, Splunk Phantom, Tines, or Swimlane.
  • Familiarity with the administration and expansion of Threat Intelligence Platforms, specifically including environments like Vertex Synapse, Threat Connect, Anomali, or MISP.
  • Demonstrated expertise in normalizing unstructured data via RESTful APIs and regular expressions (Regex), with a focus on mapping digital footprints into structured formats like JSON or the Synapse Data Model.
  • Technical mastery of version control systems, primarily git, and the integration of Continuous Integration/Continuous Delivery (CI/CD) best practices within security engineering workflows.
  • Experien…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search