Security Officer at Salesforce – India – Hyderabad

To get the best candidate experience, we ask that you apply for a maximum of 3 positions within 12 months. This will help you avoid duplicating work.

About Futureforce University Recruiting

Our Futureforce University Recruiting programme is focused on attracting, retaining and cultivating talent. Our interns and recent graduates work on real projects that impact the way our business runs, giving them the opportunity to have a tangible impact on the future of our company. With offices around the world, our recruits have the chance to collaborate and connect with colleagues on a global scale. We offer job shadowing, mentoring programmes, talent development courses and much more.

Job Category

Software engineering

Task details

About Salesforce

We are Salesforce, the Customer Company, inspiring the future of business with AI + Data + CRM. Guided by our core values, we help companies in every industry blaze new trails and connect with customers in entirely new ways. And we empower you to be a Trailblazer too, fueling your performance and career growth, forging new paths, and improving the state of the world. If you believe in business as the best platform for change, and in companies doing well and doing good, you’ve come to the right place.

Job description

Salesforce — the leader in enterprise cloud computing and one of Fortune magazine’s top 10 workplaces — is hiring security engineers to work in Detection & Response (DnR). DnR is an Intel-powered security organization that identifies, detects, and responds to security incidents, vulnerabilities, and gaps in security controls to reduce risk and impact to Salesforce, our customers, and our community. We aim to lead the world in Intel-powered, autonomous security operations at scale, delivering clear insights that empower Salesforce to make secure, data-driven decisions effortlessly. DnR focuses on detecting and responding at scale, while reducing cost and risk to the business through our automation, AI, and cost-to-serve initiatives.

Role 1: CSIRT1

Required skills:

  • Strong interest in information security, including awareness of current threats and security best practices

  • Knowledge of Windows, Linux, Mac operating systems and command line tools.

  • Expertise in some core IR skills (incident response, network security, storage and access security, sandboxing, computer security, etc.)

  • In-depth knowledge of network fundamentals and common Internet protocols, such as DNS, HTTP, HTTPS/TLS and SMTP

  • Knowledge of analyzing network traffic logs to investigate security issues or complex operational problems

  • Knowledge of email security threats and security measures, including analyzing email headers

  • Basic knowledge of cloud security principles and experience with leading platforms (GCP, AWS, Azure) and Kubernetes for security.

  • A continuous improvement mindset that actively seeks opportunities to enhance security practices, tools, and methodologies, while integrating automation and innovative solutions.

  • Self-motivated, excellent communication and collaboration skills to work effectively in a team and communicate with stakeholders.

  • As we are a 24/7 team, it is essential that you are willing to work in shifts, including nights and weekends.

Desired skills and experience

The following points are not hard requirements, but they are an advantage:

  • Bachelor’s/Master’s degree in Computer Science, Cybersecurity, or a related field.

  • Knowledge of XSOAR, EDR and SIEM tools is a plus.

  • Scripting language (e.g. Bash, Python, PowerShell, etc.) or experience with automation/prompt engineering.

  • Knowledge of OWASP’s top 10 vulnerabilities and experience in resolving them.

  • Previous experience in a dynamic operational environment.

  • A solid understanding of the MITRE ATT&CK framework and the ability to apply its associated tactics, techniques, and procedures (TTPs) is highly beneficial for conducting comprehensive case triage and investigation.

  • Relevant certifications (CompTIA Security+, BlueTeam, SANS GCFA, GCIH, etc.) are an advantage.

Role 2: Threat Detection

Required skills:

  • 0-2 years of experience in analyzing security events, responding to security incidents, handling incidents and breaches or related experience preferred

  • Good knowledge of writing detections based on network, host, operating system and other relevant logs

  • Experience writing correlation and log analysis queries with multiple log sources

  • Data processing and data analysis skills for security analysis

  • Experience coding with Python or other common programming languages for automation tasks

  • Ability to correlate across multiple sources of logs to effectively detect adversaries

  • Good knowledge of security basics, least privileges, vulnerabilities, attack scenarios, MITRE framework, and kill chain that help detect and respond to an attack.

  • Good knowledge in understanding configuration and logs of various advanced security tools like EDR, NDR, NGAV, Email Security Gateway etc.

  • Effective communication and collaboration skills with multiple teams within the security organization, data science, and other partner teams.

Qualifications:

  • Master’s degree in Computer Science, Information Security, or a related field (or equivalent experience).

  • Demonstrable experience in detecting threats, monitoring security or responding to incidents.

  • Knowledge of SIEM tools (e.g. Splunk, ArcSight, QRadar) and other security technologies (e.g. IDS/IPS, EDR, firewalls).

  • In-depth knowledge of network protocols, operating systems, and common attack vectors.

  • Experience with scripting and automation (e.g. Python, PowerShell) is a plus.

  • Good analytical, problem-solving and communication skills.

Desired skills:

  • Hands-on experience with all log aggregation/SIEM tools such as (but not limited to) Splunk, Elastic (ELK), FLINK, SQL, etc.

  • Experience with public clouds, such as AWS, Azure or GCP, specifically public cloud security.

  • Experience in assessing the priority of a vulnerability based on risk and impact.

  • Bachelor’s degree in cybersecurity, computer science, information technology, or similar fields.

  • Experience with an automation platform such as SOAR is a plus

  • Experience working in a globally distributed team, utilizing documentation and asynchronous communication as needed

In this role, you will be responsible for the vulnerability lifecycle or threat detection. You will write logic on a wide range of security platforms to detect malicious activity at different stages of the attack lifecycle. You will build attack simulation scenarios, reproduce attack scenarios, and test the effectiveness of your own and your colleagues’ logic. You will work within the response team to reduce the severity of vulnerabilities and participate in the response to high severity vulnerabilities. You will also collaborate with the engineering teams to develop technology that enables this work. You will work closely with the incident response team to improve the reliability and quality of alerts.

As a Security Engineer, you will have full ownership of a technical area and be responsible for delivering all the necessary research and functionality to achieve our team’s goals in that area. You will collaborate with teams across multiple regions to execute initiatives with many moving parts. You will also have the opportunity to lead broader initiatives that go beyond our own work. We value innovation and expect everyone to innovate and come up with creative ways to solve the problems we and our customers face.

Role 3 – Security Compliance Customer Trust – SCCT

Responsibilities:

  • Work with Salesforce customers and prospects to complete security and compliance questionnaires.

  • Maintain and update customer-facing security and compliance documents, including white papers.

  • Manage customer security audits with end-to-end responsibility, working across time zones

  • Provide valuable input to the Product Management organization based on customer generated requests

  • Create and maintain a comprehensive security and compliance knowledge base across multiple Salesforce services for sales and customer success teams

  • Support the development of security and compliance training programs for internal sales and customer success groups

  • Ensure customer is ready for audits by preparing audit evidence

  • Improve your processes by using the SFDC platform

  • Working independently and in a team

Required experience/skills:

  • Bachelor’s degree in computer science or a technology-related field

  • Graduate/Post Graduate/Diploma in Information Security or Cyber Security

  • 0-3+ years of experience supporting RFPs/RFIs for large clients across multiple industries, with a focus on security and compliance, within a global on-demand environment

  • 0-3+ years of experience managing application security and risk assessments and cloud security questionnaires

  • In-depth knowledge of various security certifications for cloud environments (e.g. CSA CAIQ, SOC 2, ISO 27K, PCI-DSS, etc.)

  • Good organizational skills with the ability to meet strict time requirements

  • Excellent written and oral communication skills

  • Strong analytical and research skills

  • Average knowledge of application security, with the ability to map application vulnerabilities based on indications of exploitation and relevant investigation techniques.

  • Experience in managing common types of security vulnerabilities, for example OWASP Top 10.

  • Knowledge of common threats and issues related to security vulnerabilities such as credential phishing, internal data leaks, and accidental data breaches.

Please Note: This job description serves as a general summary of the core responsibilities and qualifications for this position. Other duties may be assigned as needed to fulfill the objectives of the role.

Accommodations

If you need assistance applying for a job vacancy due to a disability, you can submit a request using this Accommodation Request Form.

Placement statement

At Salesforce, we believe that the business of business is to improve the state of our world. Each of us has a responsibility to advance equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about equality at www.egality.com and discover the benefits of our company on www.salesforcebenefits.com.

Salesforce is an equal opportunity and affirmative action employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited resumes from headhunters and agencies. Salesforce will not pay any third party agency or company that does not have a signed agreement with Salesforce.

Salesforce welcomes everyone.
