Lead Incident Responder

at  Salesforce

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job Category
Enterprise Technology & Infrastructure
Job Details

ABOUT SALESFORCE

We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.
Overview:
Salesforce - the leader in enterprise cloud computing and #1 place to work according to Fortune magazine -is seeking a Lead Incident Responder with a passion for Information Security and an understanding of responding to security incidents in an enterprise environment.
The Customer Incident Response (CIR) team at Salesforce deals with some of the most challenging information security problems our customers face. The pace and variety of our work creates a unique learning environment. Whether you are starting out or have deep security experience, you will be given unique challenges and the tools to solve them, surrounded by exceptional colleagues, and supported by incredibly helpful partner teams.
Responsibilities:
The Lead Incident Responder is responsible for technical investigations in the response to high severity incidents. This can variously include network forensics, log analysis, and working with a variety of technical stakeholders collaboratively to direct investigations. A successful Lead Incident Responder possesses a unique set of skills and qualities that set them apart in their field. They excel in challenging situations, remaining calm and composed under pressure, and are able to think quickly and strategically to effectively address and resolve incidents.
Provide advanced technical knowledge to incident responders to aid in the identification and containment of incidents.
Function as a technical lead on complex investigations, coordinating with stakeholder technical SMEs.
Analyze large or complicated evidence items from security incidents and synthesize the results to aid in progressing incidents.
Perform advanced host and network forensics.
Perform advanced log analysis using a variety of tools.
Create detailed timelines and other supporting documentation.
Review peers and individual contributors work and train peers and individual contributors on advanced analysis techniques.
Lead customer calls related to customer owned incidents
Work with partner teams to provide technical analysis of cases to assist in the development of mitigation and detection techniques.
Lead efforts to assist customers in complying with regulatory notifications and provide valuable information on threat actor tactics for DORA
Turn technical analysis into high-quality incident after-action reports to include Root Cause assessment for DORA customers.
This position is based in our APAC operations center which operates 5 days per week, weekdays only. Lead Incident handlers also participate in a local on-call rotation for weekends and public holidays, which covers daytime hours only.
Required Skills:
5-7 years experience in information security or closely related roles, with direct experience in security incident response.
Deep understanding of Salesforce Platform.
Ability to manage and constantly triage multiple security incidents, differentiating urgent issues from the merely important.
Ability to meet with customers and communicate complex technical concepts to a non-technical audience.
Ability to stand back from a complex problem, logically assess the facts, and formulate a plan of action - even in the worst of situations.
Experience managing common types of security incidents, e.g., application or OS compromise, endpoint compromise, internal and external data exposure.
Familiarity with common threats and issues leading to security incidents, e.g., common forms of malware, credential phishing, “drive by” host compromises, internal data spillage events, and inadvertent data leaks.
Superior verbal and written communication skills, including the ability to effectively and clearly communicate complex scenarios to non-technical colleagues.
Exceptional technical basics, including networking fundamentals, common application protocols, system architecture, and basics of software development.
Strong Linux and MacOS knowledge, including familiarity with key security controls and preferably some shell scripting experience.
Exceptional log analysis skills, including experience extracting data from complex SQL or Hadoop-type data stores.
Ability to research and learn unfamiliar technologies quickly, adapting existing knowledge and processes to investigate and resolve security issues.
Broad information security knowledge, including some familiarity with key regulations and standards relating to security incident response, as well as regional privacy and regulatory guidelines (e.g., PCI-DSS, GDPR, ISO 27001, DORA).
Desired Skills:
Salesforce Admin certified.
3-5 years E-commerce security experience.
Prior experience in a large and complex organization, operating across numerous locations and with a high degree of change.
Experience with complex digital forensic cases or investigations, e.g., those with very large numbers of devices, exceptional data volumes, or unusual data sources.
Experience securing applications and infrastructure in Amazon Web Services, Google Cloud Platform, and or Azure.
Deep application security knowledge, with the ability to map an application vulnerability to exploitation indications and relevant investigative techniques.
Relevant incident response or information security certifications, such as SANS GCIA, SANS GCIH, SANS GCFA, SANS GNFA, Offensive Security OSCP.
Accommodations
If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form .
We are a recognised Disability Confident member under the UK Government Disability Confident employer scheme. We are committed to providing an inclusive recruitment process and will offer an interview to disabled applicants who meet the essential criteria for the role. Applicants are welcome to opt-in to the interview scheme as part of the application process. If you would like to apply under the scheme, please click the link to the Accommodations Request Form above and scroll to the UK Disability Confident Scheme section within the form.
Posting Statement
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com .
Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce .
Salesforce welcomes all.

Please refer the Job description for details