Strategic Threat Intelligence Researcher

Company: Salesforce
Location: Virginia - Herndon
Commitment: Full time
Posted on: 2023-05-05 22:36
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category: Products and Technology

Job Details

Department Description: Our Threat Intelligence team focuses on defending our organization and our customers by cutting through the noise, identifying who’s targeting us, and preparing the organization for emerging threats. Our team includes those who have faced government-sponsored, advanced e-crime, and various other types of adversaries in a threat intelligence, incident response, and/or threat detection function in past lives. We use our wide expertise to drive direction, support investigations, and uplift security as a whole across Salesforce.

Role Description: As a Threat Intelligence Researcher, you will perform analysis on new and emerging threats to Salesforce, our Platforms, and our customers. You are a top-tier security/intelligence professional with experience leading and delivering intelligence products that are timely, tailored to the audience, and inspire change and awareness. You are an expert at engaging with diverse audiences, including senior executives, and discussing complex cybersecurity topics. You are an expert in government-backed and advanced e-crime actors, and you maintain the ability to cultivate relationships on these topics across public and private industries. You will be hands-on, performing research across multiple data sets during investigations and building capabilities to be situationally aware of everything that matters at Salesforce. This analysis will extract attacker Tactics, Techniques and Procedures (TTPs), uncover unique attributes of their TTPs, and build attacker profiles with this data. You will be a critical part of the security organization, influencing security and our partners and ensuring the trust of our environment and our platforms.

Responsibilities:
- Identify new or existing threats and distill this information into concise finished intelligence for multiple internal partners, including executives
- Perform intelligence research during incident response, support multiple teams, and drive the direction of investigations based on knowledge of attackers
- Manage threat data and create intelligence assessments and output in support of our incident response, threat hunting, threat detection, and security engineering missions
- Build expertise on any threats targeting Salesforce and provide attribution to attacker activity when possible
- Brief complex threats to varying audiences, both technical/non-technical and executives

Minimum Requirements:
- Experience (either hands-on or supporting processes for) identifying, tracking, and/or disrupting advanced cyber threat actors, including government-backed and advanced e-crime adversaries; in-depth knowledge of advanced actor TTPs
- 5+ years hands-on experience with strategic intelligence writing and standard conventions: BLUF, estimative language, ability to express analytic confidence, knowledge of common analytics frameworks (Cyber Kill Chain, Diamond Model, MITRE ATT&CK, etc.), and structured analytic techniques (Analysis of Competing Hypotheses, etc.)
- Established threat intelligence practitioner with industry and community contacts
- Experience with Cyber Threat Intelligence writing for technical, non-technical, and executive audiences - ideally with threat briefings, threat reports, blog posts, or similar finished intelligence
- Experience using Threat Intelligence Platforms and sitting functional roles
- A capable oral and written communicator, you are able to engage others in the business at multiple levels to translate threat research into actionable recommendations to shape the business
- Experience conducting and correlating threat research using OSINT, incident response engagement data, and proprietary tools
- You operate in an autonomous manner, driving the delivery of projects and deliverables with minimal oversight across multiple teams
- You can work actively as a part of a globally distributed team, including remote and in-person colleagues
- You have an understanding of existing and emerging threats to an organization spanning multiple industries and threat profiles
- Experience conducting oral and written customer-facing threat intelligence briefings

Preferred Requirements:
- Experience scripting, automating, and building investigative tooling
- Experience with Python, SQL, Splunk, Bash, database tooling, and using automation/SOAR platforms
- Experience with security analysis tools (Jupyter notebooks, Splunk, ElasticSearch, etc.)
- Experience with threats in AWS, Microsoft Azure, and Google Cloud
- Experience with hunting/IR tools used for host and network analysis
- Familiarity with reverse engineering or malware research
- You have performed all of the above “at scale” in a large, complex environment

Accommodations

If you require assistance due to a disability applying for open positions, please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce, Inc. and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce, Inc. and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce, Inc. and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesforce, Inc. or Salesforce.org.

Salesforce welcomes all.