Job Details

1. The Salesforce Information Security team is best in class. Data security is paramount and a top priority for the company. Trust and security are Salesforce’s number one values.  As a result, we have built a large-scale security monitoring infrastructure that collects, stores, and analyzes terabytes of data every day.

1. Salesforce is seeking a Leader of Threat Detection. This operational team is responsible for writing alerting rules using logs and other data to detect potential attacks against Salesforce. We work closely with the CSIRT team that responds to our alerts and the engineering team that builds the platforms we rely on. This is a small team, but big impact. You would manage a team of 5-10 security engineers working on top security projects.

1. This person will build and maintain a healthy, inclusive team of technical engineers, set and communicate the team’s vision, and maintain strong relationships with the team’s partners. The team is seeking to build its engineering skills, so the manager should be prepared to coach beginning developers and help them grow engineering skills. The team strives to maintain operational excellence in rapid and effective detection development while increasingly automating away routine work, increasing the fidelity of detections, and improving the breadth of what we detect.

1. This person will also be responsible for leading strategic initiatives across and outside the broader Detection & Response organization. For example, the manager may develop and execute our strategy for automated investigation and response (SOAR). The manager is expected to operate independently, resolving ambiguous technical and interpersonal issues with little guidance and proactively identifying and solving new problems.

Required Skills:

1. 5+ years experience in Information Security, including experience in security operations
2. 1+ years experience in people management
3. Demonstrated ability to build a positive team culture and a highly effective team
4. Strong technical understanding of security fundamentals, network and operating system fundamentals and common Internet protocols
5. The interpersonal and communication skills necessary to build strong relationships with both direct reports and peers across the company and industry
6. Ability to write code and SQL well enough to teach others. All common languages are acceptable; Python is preferred.

Preferred Skills:

1. Undergraduate degree in computer science, information technology, or similar subjects
2. Demonstrated ability to think strategically, such as by proposing and leading projects with division-, company-, or industry-wide impact
3. Demonstrated ability to work across teams and/or geographic locations
4. Experience working on and/or leading a detection, SOC and/or incident response team (blue team)
5. Deep understanding of the information security threat landscape, such as common attack vectors and tools, best practices for securing systems and networks, etc.
6. Software engineering experience, especially with demonstrated professional results
7. Experience writing intrusion detection system rules
8. Experience with Splunk and Splunk Processing Language
9. Experience with intrusion detection systems, such as Suricata or Sourcefire
10. Experience with public cloud, such as AWS, Azure and GCP, especially cloud security