Information Security Administrator - CSIRT

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we’re looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce’s core values at the heart of it all.

Ready to level‑up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

The CSIRT at Salesforce deals with the most challenging problems in information security. When you first read about a new issue in the news, our CSIRT is already working on it! The pace and variety of our work create a unique learning environment, whether you are just starting out or have deep security experience.

The CSIRT is the frontline of defense for Salesforce and is responsible for 24x7x365 security monitoring, security operations, real‑time analysis of security alert data, and rapid incident response across multiple Salesforce environments. This team protects the confidentiality, integrity, and availability of company and customer data.

As a key member of our growing team, the incident responder will work on the front lines of the Salesforce environment, working with teammates that protect our critical infrastructure and customer data from the latest information security threats.

The Associate Incident Responder, CSIRT will be part of the monitoring and triage arm of Salesforce CSIRT, responsible for analysing events across a large and complex environment in order to identify security incidents and protect our customers.

Incident Responders use their exceptional judgement and security expertise to distinguish real threats from “noise”. In a typical hour, an Incident Responder might examine a malicious email, investigate an unusual login, and analyse a PC with a potential malware issue. Between these events, they will interact with Salesforce colleagues around the world, who contact Salesforce Security with issues ranging from missing laptops to suspicious devices found in our offices.

A successful Incident Responder will have acute attention to detail and a logical approach to analysis and problem‑solving. This role also requires exceptional communication skills (verbal and written) and an ability to quickly understand complex information while recognising familiar elements within complex situations. The ideal candidate should have an interest in developing automation and exploring AI for operations and response.

• 
  
• Strong interest in information security, including awareness of current threats and security best practices
  
• Understanding of Windows, Linux, Mac operating systems, and command line tools
  
• Expertise in core incident‑response skills such as network security, storage and access security, sandboxing, and compute security
  
• In‑depth understanding of network fundamentals and common Internet protocols, such as DNS, HTTP, HTTPS/TLS, and SMTP
  
• Knowledge of analysing network traffic logs to investigate security or operational issues
  
• Knowledge of email security threats and security controls, including analysing email headers
  
• Foundational understanding of cloud security principles and experience with leading platforms (GCP, AWS, Azure) and Kubernetes for security
  
• A continuous improvement mindset that actively seeks opportunities to enhance security practices, tools, and methodologies while incorporating automation and innovative solutions
  
• Self‑motivated, with excellent communication and collaboration skills to effectively work in a team and engage with stakeholders
  

• 
  
• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field
  
• Knowledge of XSOAR, EDR, and SIEM tools is a plus
  
• Scripting experience (e.g. Bash, Python, PowerShell) or any automation/prompt‑engineering experience
  
• Familiarity with OWASP’s Top 10 vulnerabilities and experience mitigating them
  
• Foundational understanding of GenAI/AgenticAI
  
• Prior experience in a fast‑paced operational environment
  
• Strong understanding of the MITRE ATT&CK framework and ability to apply its tactics, techniques and procedures for comprehensive case triage and investigation
  
• Relevant certifications (CompTIA Security+, Security Blue Team, GIAC GCFA, GCIH, etc.) are beneficial
  

Accommodations: If you need a reasonable accommodation during the application or recruiting process, please submit a request via the Accommodations Request Form.

Posting Statement: Salesforce is an equal‑opportunity employer and maintains a policy of non‑discrimination with all employees and applicants for employment. We assess candidates based on merit, competence and qualifications – without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or any other legally protected classification.

Please note that Salesforce uses artificial intelligence tools to help recruiters assess and evaluate candidates’ resumes and qualifications throughout the recruiting process. Humans will always make hiring decisions. xcfaprz We adhere to the Candidate Privacy Statement regarding personal data and opt‑out options.