Incident Responder CSIRT - Multiple Levels

About The Position

Requirements

• 2+ years of experience in an IT operations environment or 1+ years of specialized security operations experience.
• Deep interest and foundational knowledge of information security, including current threats and best practices.
• Knowledge of email security, controls, and header analysis.
• Understanding of operating system administration and security controls for Mac OSX, Microsoft Windows, and Linux/Unix.
• Knowledge of core network fundamentals and common Internet protocols, including DNS, HTTP, HTTPS/TLS, and SMTP.
• Familiarity with core concepts of security incident response (phases of response, vulnerabilities vs. threats vs. actors, and Indicators of Compromise (IoCs)).
• Understanding of cloud security principles and experience with leading platforms (GCP, AWS, Azure) and Kubernetes.
• Ability to build and maintain strong working relationships across internal and external teams.
• Exceptional communication skills (verbal and written).
• Must be a U.S. citizen (U.S. born or naturalized) who does not hold dual citizenship.
• Must agree to complete a U.S. federal government Minimum Background Investigation (MBI) for a Moderate Public Trust position.

Nice To Haves

• Strong operational experience with security infrastructure, including network and host-based intrusion detection/response solutions, WAFs, database security monitors, firewalls, proxies, antivirus, file integrity monitoring tools, and operating system logs.
• In-depth understanding of the information security threat landscape (attack vectors, tools, and best practices).
• Experience contributing to cross-functional projects and collaborating with global teams, demonstrating influencing skills.
• A continuous improvement mindset and a strong desire to learn new skills and enhance security processes.
• Relevant industry certifications (e.g., CompTIA Security+, BTL1, SANs GCFA, GCIH) are beneficial.
• Foundational understanding of Generative AI (GenAI), Agentic AI, and prompt engineering.

Responsibilities

• Monitor and Triage Security Alerts: Perform 24x7 with CSIRT’s Tier 1 monitoring function of security events across Salesforce environments, triaging and prioritizing alerts to help identify potential threats requiring escalation.
• Participate in Incident Response Activities: Support containment, eradication, and recovery efforts during security incidents, following established playbooks and guidance from senior team members.
• Collaborate Across Teams: Work closely with engineering, business, and security teams to coordinate response efforts and drive organizational security uplift.
• Document and Communicate Findings: Produce clear and accurate incident notes and summaries, keeping relevant stakeholders informed throughout the response process.

Benefits

• time off programs
• medical
• dental
• vision
• mental health support
• paid parental leave
• life and disability insurance
• 401(k)
• employee stock purchasing program