Security Incident Handler/Responder - Salesforce.com
Sydney, New South Wales, Australia

Listing Description

Salesforce - the leader in enterprise cloud computing and number 1 World's best workplace according to Fortune magazine - is seeking an Incident Handler for our Computer Security Incident Response Team (CSIRT).

Salesforce has one of the best Information Security teams in the world and growing this area of the business is a top priority! Our Information Security teams work hand in hand with the business to ensure the highest security around all of our applications. The Computer Security Incident Response Team (CSIRT) is responsible for 24x7x365 security monitoring and rapid incident response across all Salesforce environments. We are the ‘tip of the spear’ and the last line of defense in protecting company and customer data from our adversaries.

The Incident Handler is responsible for executing security operations processes, including real-time analysis of security alert data and assisting in the response to potential security incidents.

This position is based in our Sydney, Australia security operations center, which is part of our 24x7x365 global security operations. This role generally works a standard business week (Sydney business hours), but occasional weekend work and/or on-call rotations may be required.

Apply Online Here: https://salesforce.wd1.myworkdayjobs.com/en-US/External_Career_Site/job/Australia---Sydney/Security-Incident-Handler_JO-1712-623512-5 years experience in the Information Security field, including operational security monitoring or incident response experience.

Experience monitoring devices such as network and host-based intrusion detection systems, web application firewalls, database security monitoring systems, firewalls/routers/switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system logs.

Experience responding to security incidents in a production environment, such as investigating and remediating possible endpoint malware infections and mitigating email-borne threats such as spam and phishing.

Strong technical understanding of network fundamentals and common Internet protocols.

Strong technical understanding of the information security threat landscape (attack vectors and tools, best practices for securing systems and networks, etc.).

Familiarity with Microsoft Windows, Macintosh, Linux/Unix system administration and security controls.

Must have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff.

Experience using security incident and event management tools for hunting and investigating security incidents.

System forensics/investigation skills, including analyzing system artifacts (file system, memory, running processes, network connections) for indicators of infection/compromise.

Experience using intrusion detection systems for security incident monitoring and investigations.

Scripting skills (e.g. Python/Perl, shell scripting) a significant plus.

Prior experience in a 24x7x365 operations environment is a benefit.

Prior experience performing incident response or digital forensics as part of an internal team or in a consulting capacity.

Familiar with ITIL service management methodology.

Ability to write custom intrusion detection system rules (e.g. YARA, OpenIOC).

Relevant information security certifications, such as CISSP, SANS GCIA, SANS GCIH, SANS GPEN, SANS GCFA, Offensive Security OSCP.


Listing Details

  • Citizenship: No Requirements
  • Incentives: Both
  • Education: No Requirements
  • Travel: No Travel
  • Telework: No Telecommute


