
Job posting has expired

Senior Threat Detection Engineer

salesforce.com, inc.
parental leave, 401(k)
United States, Indiana, Indianapolis
Mar 25, 2026

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Software Engineering

Job Details

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

Core Skills:
Cyber security professional with over 10 years of experience, including at least 8 years of hands-on experience in threat detection, threat hunting, security incident response, and managing significant security incidents and breaches.
Experience and expertise in developing and refining threat detection methodologies is a prerequisite. This includes proficiency in leveraging security logs from multiple log source types, including network infrastructure, endpoint devices, public and private cloud substrates, and SaaS. A comprehensive grasp of log structure, data normalization techniques, and the capacity to isolate critical security incidents is imperative.
Strong proficiency and experience in log correlation techniques to identify patterns and anomalies indicative of malicious activity. Demonstrated expertise in constructing complex search queries using languages such as SPL, YARA-L, and other query languages to analyze large volumes of data. Strong data analysis skills to interpret query results, identify false positives, and fine-tune detection rules for optimal efficacy.
In-depth knowledge of fundamental security principles, common attack vectors employed by threat actors, the Tactics, Techniques, and Procedures (TTPs) used throughout the cyber kill chain, and relevant security frameworks such as MITRE ATT&CK. This understanding is crucial for developing context-aware and effective detection strategies.
Practical experience working with a variety of security tools and technologies, including Security Information and Event Management (SIEM) systems for centralized log analysis and alerting, Endpoint Detection and Response (EDR) solutions for endpoint visibility and threat mitigation, Network Detection and Response (NDR) tools for network traffic analysis and anomaly detection, and Security Orchestration, Automation and Response (SOAR) platforms for automating incident response workflows.
Ability to effectively handle and analyze large and complex datasets, identifying meaningful security insights and trends from vast amounts of information. This includes understanding data processing pipelines, performance considerations when querying large datasets, and the ability to synthesize findings into actionable intelligence.
Preferred Skills:
Hands-on experience with any log aggregation/SIEM tool, such as (but not limited to) Splunk, Elastic (ELK), Flink, Chronicle, etc.
Hands-on experience with public cloud (AWS, Azure, or GCP), especially public cloud security.
Undergraduate degree in cyber security, computer science, information technology, or similar subjects.
Experience working in a globally distributed team, leveraging documentation and async communications as needed.
Prior experience or basic knowledge of DS algorithms and methodologies.
Experience with automation platforms such as SOAR is preferred.

Required Experience
6 to 10 years of experience in relevant areas like threat detection or security incident response.
Knowledge of writing detections based on network, host, OS, and other logs.
Experience with correlation and complex log analytic queries.
Coding experience with Python or other languages for automation.
Ability to correlate multiple log sources for effective adversary detection.
Good knowledge of security fundamentals, attack scenarios, and MITRE framework.
Understanding of configuration and logs from advanced security tools.
Effective communication and collaboration skills.


Job Description Key Points
The Threat Detection team is responsible for detecting attacks against Salesforce's infrastructure, products, employees, and customers.
The team collaborates with CSIRT and engineering teams to enhance detection effectiveness.
The role involves writing logic on security platforms to detect malicious activity, building attack simulation scenarios, and testing logic effectiveness.
Collaboration with the incident response team is essential to improve alert reliability and quality.
As a Senior Threat Detection Engineer, you will be responsible for leading a project end to end, owning a technical area, and delivering research and features.
In this role you will work on security-organization-wide initiatives; cross-team collaboration is expected, and working with multiple engineering teams is required.
You will have innovative and creative problem-solving skills.
Required Skills Key Points
6 to 8 years of experience in relevant areas like threat detection or security incident response.
Knowledge of writing detections based on network, host, OS, and other logs.
Experience with correlation and complex log analytic queries.
Coding experience with Python or other languages for automation.
Ability to correlate multiple log sources for effective adversary detection.
Good knowledge of security fundamentals, attack scenarios, and MITRE framework.
Understanding of configuration and logs from advanced security tools.
Effective communication and collaboration skills.
Preferred Skills Key Points
Experience with automation platforms like SOAR.
Hands-on experience with log aggregation/SIEM tools.
Experience with public cloud security (AWS, Azure, GCP).
Undergraduate degree in a relevant field.
Experience in a globally distributed team.
Prior experience or basic knowledge of DS algorithms and methodologies.
Job Description

Salesforce - the leader in enterprise cloud computing and one of the top 10 places to work according to Fortune magazine - is seeking Threat Detection engineers to improve the coverage, quality, and reliability of our security alerts and logs. The Threat Detection team is responsible for all the detections written to detect attacks against Salesforce's infrastructure, products, employees, and customers. We work closely with the CSIRT team that responds to our alerts and with the engineering team that builds the platforms we rely on, to improve the effectiveness of the detections that we build.

You will be responsible for the lifecycle of threat detection in this role. You will write logic on a wide variety of security platforms to detect malicious activity in various stages of the attack lifecycle. You will build attack simulation scenarios, reproduce attack scenarios, and test the effectiveness of your and your peers' logic. You will also partner with the engineering teams to develop technology that enables this work. You will closely collaborate with the incident response team to improve the reliability and quality of alerts. Your technical skills, collaboration, and teamwork will help to ensure that our detection system works well to secure Salesforce and its customers. If you want to solve interesting challenges in threat detection and some unique cyber security challenges, this is the place you want to be.

As a Senior Threat Detection Engineer, you will take on complete ownership of a technical area, responsible for delivering all necessary research and features to achieve our team's goals in that area. You will work across teams in multiple geographies to deliver on initiatives with many moving parts. You will also have the opportunity to lead broad initiatives that go beyond our own work. We value innovation and expect everyone to innovate and come up with creative ways to solve the problems that we and our customers face.

Required Skills:
10 to 14 years of experience in cyber security, with at least 8 years in threat detection, threat hunting, security incident response, handling major incidents and breaches, or related experience.
Good knowledge of writing detections based on network, host, OS, and other relevant logs.
Experience writing correlation and complex log analytic queries involving multiple log sources.
Experience coding with Python or other common languages to automate tasks.
Ability to correlate between multiple sources of logs to write detections and effectively detect adversaries.
Good knowledge of security fundamentals, least privilege, vulnerabilities, attack scenarios, the MITRE framework, and the kill chain, which help detect and respond to an attack.
Good understanding of the configuration and logs of various advanced security tools such as EDR, NDR, NGAV, email security gateways, etc.
Effective communication and collaboration skills with multiple teams within the Security Organisation, Data Science, and other partner teams.

Preferred Skills:
Experience with automation platforms such as SOAR is preferred.
Hands-on experience with any log aggregation/SIEM tool, such as (but not limited to) Splunk, Elastic (ELK), Flink, SQL, etc.
Experience with public cloud (AWS, Azure, or GCP), especially public cloud security.
Undergraduate degree in cyber security, computer science, information technology, or similar subjects.
Experience working in a globally distributed team, leveraging documentation and async communications as needed.
Prior experience or basic knowledge of DS algorithms and methodologies.

LMTS


Unleash Your Potential

When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future - but to redefine what's possible - for yourself, for AI, and the world.

Accommodations

If you need a reasonable accommodation during the application or the recruiting process, please submit a request via this Accommodations Request Form.

Please note that Salesforce uses artificial intelligence (AI) tools to help our recruiters assess and evaluate candidates' resumes and qualifications throughout the recruiting process. Humans will always make any candidate selection and hiring decisions. Please see our Candidate Privacy Statement for more information about how we use your personal data and your rights, including with regard to use of AI tools and opt out options.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.

In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.
