Director, Customer Security Response

Salesforce•San Francisco, CA

1d•$197,300 - $344,700•Onsite

About The Position

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. The Director of Customer Security is part of our Customer Response, Escalation, and Security Team (CREST) — a global team of elite incident responders protecting Salesforce customers from the most sophisticated security threats. This role leads CREST operations across the Asia-Pacific (APAC) region and US West Coast and sits within the broader Security organization, reporting to the Director of CREST. We are looking for a Director of Customer Security who is an investigator first and a leader second. You will own the region's most complex, high-severity security incidents end-to-end — from hands-on log analysis and scoping through executive communication and regulatory notification — while building and managing the team that handles our growing incident volume. This role is based in Bellevue, WA or San Francisco, CA.

Requirements

10+ years in information security, including at least 5 years leading hands-on incident response — and you are currently performing technical investigations, not purely managing.
Can independently scope data exfiltration across APIs, bulk exports, and connected apps in multi-tenant SaaS environments, and write complex multi-source Splunk and SQL queries, including regex-based correlation.
Demonstrated track record of leading complex, high-severity incidents end-to-end — from technical investigation through executive communication and regulatory notification (including Global Data Protection Regulation (GDPR), Digital Operational Resilience Act (DORA), and state breach notification laws).
Built and managed high-performing, globally distributed security teams with clear performance standards, and can influence cross-functionally across Engineering, Legal, Product, and customer-facing organizations.

Nice To Haves

Experience managing AI and automation programs within security operations, including agentic workflows or detection automation.
Relevant certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP).
Deep familiarity with the Salesforce platform ecosystem (Core, Marketing Cloud, Commerce Cloud) or comparable large-scale SaaS environments.
Background in advanced threat hunting, behavioral modeling, or detection engineering programs.

Responsibilities

Personally lead the most complex customer security investigations across APAC and US West, including multi-cloud data exfiltration scoping, novel attacker tactics, techniques, and procedures (TTPs), and advanced API abuse — using tools like Splunk and SQL to determine scope, timeline, and exfiltration vectors.
Serve as the final technical authority on containment decisions for the region, including credential rotation, OAuth revocation, IP blocks, and deployment moratoriums, and lead high-stakes customer calls — including those involving legal counsel or regulatory pressure — without requiring senior escalation.
Own regional operations including staffing, capacity planning, on-call scheduling, and case assignment, while setting quality standards for investigation documentation and customer-facing notifications across APAC and US West.
Drive cross-functional engagement with Detection Engineering, Threat Intelligence, Product Security, and Legal to close detection gaps, and lead the team's transition from manual investigation to AI-driven automated triage and scoping.