CSIRT OR Incident Response Engineer with TS/SCI (onsite Northern Virginia)

Company: Salesforce
Location: Herndon
Posted on: January 26, 2023

Job Description:

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategoryProducts and TechnologyJob DetailsCSIRT- TS/SCIOn Site Location: Northern VirginiaPLEASE NOTE:Qualification for this job is contingent upon acceptable results from a background investigation as well as your obtaining and maintaining the specific level U.S. government background investigation required for this role. -Salesforce has one of the best Information Security teams in the world and growing this piece of the business is a top priority! Our Information Security teams work hand in hand with the business to ensure the highest security around all of our applications. The Blackjack Public Computer Security Incident Response Team (CSIRT) is responsible for 24x7x365 security monitoring and rapid incident response across all Blackjack Public Cloud Salesforce and acquisition environments. This team protects the confidentiality, integrity, and availability of company and customer data.As a key member of our growing Blackjack Cloud, the CSIRT expert will work on the 'front lines' of the Salesforce Government Cloud environment, leading a team that protects our critical infrastructure and our customers' data from the latest information security threats.The CSIRT is responsible for security operations, including real-time analysis of security alert data and leading the response to potential security incidents. Incident Handlers will also work on compliance projects, and improvements to detection and incident response capabilities. We have a strong team environment where knowledge sharing is encouraged.This position is based in our 24x7 operations center. As a result, shift work (including on weekends, as needed) is required.Requirements:

• Active TS/SCI clearance
• A related technical degree required
• Strong problem solving ability to determine solutions to encountered or anticipated challenges
• Robust technical understanding of the information security threat landscape (attack vectors and tools, best practices for securing systems and networks, etc.).
• Drive incidents to resolution with an appropriate sense of urgency
• Strong interpersonal and communication skills required for coordinating responses to sophisticated incidents across the organization with many stakeholders
• Ability to lead time and professional interactions well
• Ability to deliver quality work products with ambitious deadlines while balancing multiple priorities
• Must have strong verbal and written communication skills; ability to communicate optimally and clearly to both technical and non-technical staff.
• Technical security background and understanding of network fundamentals and common Internet protocols.
• Technical understanding of AWS or GCP administration and security controls.
• Familiarity with incident response and security operations within public cloud environments.
• The ability to lead the response to high priority, high transparency operational security issues.
• 7+ years experience in the Information Security field.
• Prior experience in a fast paced operational environment
• Professional demeanor even in high stress situationsDesired Skills:
  • Operational experience monitoring devices such as network and host-based intrusion detection systems, web application firewalls, database security monitoring systems, firewalls/routers/switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system logs.
  • Operational experience responding to security incidents in a production environment, such as investigating and remediating possible endpoint malware infections.
  • System forensics/investigation skills, including analyzing system artifacts (file system, memory, running processes, network connections) for indicators of infection/compromise.
  • Openness to shift work in a 24x7x365 operations environment.
  • Relevant information security certifications, such as CISSP, CERT CSIH, GCIH or other SANS certifications.*LI-YQualification for this job is contingent upon acceptable results from a background investigation as well as your obtaining and maintaining the specific level of U.S. Government security clearance required for this role. U.S. citizenshipAccommodationsIf you require assistance due to a disability applying for open positions please submit a request via this .Posting StatementAt Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.. and are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.. and do not accept unsolicited headhunter and agency resumes.. and will not pay any third-party agency or company that does not have a signed agreement with. or .Salesforce welcomes all.

Keywords: Salesforce, Germantown , CSIRT OR Incident Response Engineer with TS/SCI (onsite Northern Virginia), Engineering , Herndon, Maryland