Senior Threat Detection Engineer

About The Position

Requirements

• 8+ years of experience in Cyber Security, including at least 6 years of hands-on experience in Threat Detection, Threat Hunting, Security Incident Response, and managing significant security incidents and breaches.
• Expertise in developing and refining threat detection methodologies, leveraging security logs from various sources, including network infrastructure, endpoint devices, public and private cloud substrates, and SaaS.
• Strong proficiency in log correlation techniques to identify patterns and anomalies indicative of malicious activity.
• Expertise in constructing complex search queries using languages such as SPL, YARA, and other query languages to analyze large volumes of data.
• In-depth knowledge of fundamental security principles, common attack vectors, Tactics, Techniques, and Procedures (TTPs) used throughout the cyber kill chain, and relevant security frameworks such as the MITRE ATT&CK framework.
• Practical experience with a variety of security tools and technologies, including SIEM systems, EDR solutions, NDR tools, and SOAR platforms.
• Ability to handle and analyze large and complex datasets, identifying meaningful security insights and trends.
• Understanding data processing pipelines, performance considerations when querying large datasets, and synthesizing findings into actionable intelligence.

Nice To Haves

• Hands-on experience with log aggregation/SIEM tools such as Splunk, Elastic (ELK), FLINK, Chronicle, etc.
• Experience with public cloud security, particularly AWS, Azure, or GCP.
• Undergraduate degree in Cyber Security, Computer Science, Information Technology, or similar fields.
• Experience working in a globally distributed team, leveraging documentation and asynchronous communications.
• Experience with automation platforms such as SOAR.

Responsibilities

• Detecting attacks against Salesforce's infrastructure, products, employees, and customers.
• Collaborating with CSIRT and engineering teams to enhance detection effectiveness.
• Writing logic on security platforms to detect malicious activity, building attack simulation scenarios, and testing logic effectiveness.
• Working closely with the incident response team to improve alert reliability and quality.
• Leading projects end-to-end, owning a technical area, and delivering research and features.
• Engaging in security organization-wide initiatives and cross-team collaboration with multiple engineering teams.

Benefits

• time off programs
• medical, dental, vision, mental health support
• paid parental leave
• life and disability insurance
• 401(k)
• an employee stock purchasing program