Lead Threat Intelligence Researcher

Company: Salesforce
Location: Virginia - Herndon
Commitment: Full time
Posted on: 2023-05-03 16:36
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category: Products and Technology

Job Details

Department Description: Our Threat Intelligence team focuses on defending our organization and our customers by cutting through the noise and identifying who’s targeting us and preparing the organization for emerging threats! Our team includes those who have faced government-backed, advanced e-crime, and other types of adversaries in threat intelligence, incident response, and/or threat detection functions in previous roles. We use our wide expertise to drive direction, support investigations, and uplift security as a whole across Salesforce.

Role Description: As a Threat Intelligence Researcher, you will analyze new and emerging threats to Salesforce, our platforms, and customers. This person will be directly performing deep research across multiple datasets and environments during investigations and building capabilities to be situationally aware of everything that matters at Salesforce. This analysis will extract attacker tactics, techniques and procedures (TTPs), uncover unique attributes of their TTPs, and build attacker profiles with this data. You will be a critical part of the security organization, influencing security and our partners and ensuring the trust of our environment and our platforms.

Responsibilities:
- Identify new and existing threats and clearly distill this information to support finished intelligence to multiple internal partners, including executives
- Perform intelligence research during incident response, supporting multiple teams, and drive direction of investigations based on knowledge of attackers
- Manage threat data and build intelligence assessments and output in support of our incident response, threat hunting, threat detection, and security engineering missions
- Write scripts and tools to help with analysis and build automation to aid the investigation or research the next time around
- Build expertise on any threats targeting Salesforce and provide attribution to attacker activity when possible

Minimum Requirements:
- 5+ years of first-hand experience identifying, tracking, and disrupting advanced cyber threat actors, including government-backed and advanced e-crime adversaries; in-depth knowledge of sophisticated actor TTPs
- Established threat intelligence practitioner with industry and community contacts
- Demonstrated ability scripting, automating, and building investigative tooling (Python, Bash, SQL, Splunk, etc.)
- 3+ years of malware research and/or platform abuse experience, including threat hunting across internal and external datasets, experience (YARA, Sigma)
- Experience with Cyber Threat Intelligence writing for both technical, non-technical, and executive audiences - ideally with threat briefings, threat reports, blog posts, or similar finished intelligence
- Experience conducting and correlating threat research using OSINT, incident response engagement data, and proprietary tools
- A capable oral and written communicator, you are able to engage others in the business at multiple levels to translate threat research into practical recommendations to craft the business
- You operate in an autonomous manner, driving the delivery of projects and deliverables with minimal oversight across multiple teams
- You can work actively as a part of a globally distributed team, including remote and in-person colleagues

Preferred Requirements:
- Experience with security analysis tools (Jupyter notebooks, Splunk, ElasticSearch, etc.)
- Experience with SOAR platforms and security orchestration and automation
- Experience with threats in AWS, Microsoft Azure, and Google Cloud
- Experience with hunting/IR tools used for host and network analysis
- Experience using Threat Intelligence Platforms, and building integrations with these platforms
- You have an understanding of existing and emerging threats to an organization spanning multiple industries and threat profiles
- You have performed all of the above “at scale” in a large, complex environment

Accommodations: If you require assistance due to a disability applying for open positions, please submit a request via this Accommodations Request Form.

Posting Statement: At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce, Inc. and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce, Inc. and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce, Inc. and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesforce, Inc. or Salesforce.org.

Salesforce welcomes all.