Salesforce Jobs and Careers - Join the #SalesforceOhana
Senior Security Incident Handler
Information and Product Security
Australia - Sydney

Salesforce - the leader in enterprise cloud computing and one of the top 10 places to work according to Fortune magazine - is seeking a Senior Security Incident Handler with a passion for Information Security and a strong understanding of security monitoring and incident response.

Salesforce has one of the best Information Security teams in the world and growing this area of the business is a top priority! Our Information Security teams work hand in hand with the business to ensure the highest security around all of our applications. The Computer Security Incident Response Team (CSIRT) is responsible for 24x7x365 security monitoring and rapid incident response across all Salesforce environments. We are the ‘tip of the spear’ and the last line of defense in protecting company and customer data from our adversaries.

As a key member of our growing CSIRT, the Senior Security Incident Handler will work on the ‘front lines’ of the Salesforce production environment, assisting a team that protects our critical infrastructure and our customers’ data from the latest information security threats. The Senior Security Incident Handler will lead the response to high severity incidents, act as a technical escalation point for the team, and perform other security monitoring/incident response functions as needed.

This individual will also lead significant strategic projects, focused on enhancements to the CSIRT’s capabilities to help ensure the Salesforce CSIRT remains an industry leader in Incident Response.

This position is based in our Sydney security operations center that is part of our 24x7x365 global security operations. This role generally works 5 days a week during business hours and may require some weekend work.

Required Skills:

  • 5+ years of experience in the Information Security field, including operational security monitoring, incident response, or offensive security experience.

    • Monitoring devices such as network and host-based intrusion detection systems, web application firewalls, database security monitoring systems, firewalls/routers/switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system logs.

    • Responding to security incidents in a production environment, such as investigating and remediating possible endpoint malware infections and mitigating email-borne threats such as spam and phishing.

  • The ability to cross-functionally lead and coordinate the response to high priority, high visibility operational security issues.

  • The ability to build strong relationships with peers both internal and external to your functional group, and with peers/professional organizations outside of the company.

  • The ability to train and mentor other Incident Handlers in technical and complex incident response techniques.

  • Strong technical understanding of network fundamentals and common internet protocols.

  • Strong technical understanding of administration and security controls with at least two of the following operating systems: Mac OS X, Microsoft Windows, or Linux/Unix systems.

  • System forensics/investigation skills, including analyzing system artifacts (file system, memory, running processes, network connections) for indicators of infection/compromise.

  • Strong technical understanding of the information security threat landscape (attack vectors and tools, best practices for securing systems and networks, etc.).

  • Must have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff.

Desired Skills:

  • Experience using security incident and event management tools for hunting and investigating security incidents is a benefit.

  • Ability to take technical incident response concepts and apply them in detection and hunting scenarios.

  • Prior experience in a 24x7x365 operations environment.

  • Experience in malware static/behavioral reversing.

  • Experience translating highly technical incident response problems into business risks.

  • Relevant information security certifications, such as CISSP, SANS GCIA, SANS GCIH, SANS GPEN, SANS GCFA, SANS GNFA, SANS GREM, or Offensive Security OSCP/OSCE.

  • Scripting skills (e.g. Python/Perl/Ruby, shell scripting) or development experience is a significant plus.

Salesforce, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas—a new technology model in cloud computing, a pay-as-you-go business model and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes World’s Most Innovative Companies five years in a row and one of Fortune 100 Best Companies to Work For eight years in a row. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana made up of our employees, customers, partners and communities, we are working to improve the state of the world.


and are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. and do not accept unsolicited headhunter and agency resumes. and will not pay fees to any third-party agency or company that does not have a signed agreement with or
EEO - It's the law.

Accessibility – If you require accessibility assistance applying for open positions please contact the Recruiting Department.

Pay Transparency Policy Statement – The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.
