Senior Threat Detection Engineer

SalesforceBellevue, WA

About The Position

As a Senior Threat Detection Engineer, you will take on complete ownership of a technical area, responsible for delivering all necessary research and features to achieve our team’s goals in that area. You will work across teams in multiple geographies to deliver on initiatives with many moving parts. You will also have the opportunity to lead broad initiatives that go beyond our own work. We value innovation and expect everyone to innovate and come up with creative ways to solve the problems that we and our customers face. The Threat Detection team is responsible for detecting attacks against Salesforce's infrastructure, products, employees, and customers. The team collaborates with CSIRT and engineering teams to enhance detection effectiveness. The role involves writing logic on security platforms to detect malicious activity, building attack simulation scenarios, and testing logic effectiveness. Collaboration with the incident response team is essential to improve alert reliability and quality. As a Senior Threat Detection Engineer, you will be responsible to lead a project end to end owning a technical area, and delivering research and features. In this role you will be working security organization wide initiatives and cross-team collaboration are expected working with multiple engineering teams is required.

Requirements

  • 6 to 8 years of experience in relevant areas like Threat Detection, Threat Hunting, Security Incident Response, and managing significant security incidents and breaches.
  • Experience and expertise in developing and refining threat detection methodologies.
  • Proficiency in leveraging security logs from multiple log source types including network infrastructure, endpoint devices, public and private cloud substrates and SaaS.
  • Comprehensive grasp of log structure, data normalization techniques, and the capacity to isolate critical security incidents.
  • Strong proficiency and experience in log correlation techniques to identify patterns and anomalies indicative of malicious activity.
  • Expertise in constructing complex search queries using languages such as SPL, YARAL and other query languages to analyze large volumes of data.
  • Strong data analysis skills to interpret query results, identify false positives, and fine-tune detection rules for optimal efficacy.
  • In-depth knowledge of fundamental security principles, common attack vectors employed by threat actors, Tactics, Techniques, and Procedures (TTPs) used throughout the cyber kill chain, and relevant security frameworks such as the MITRE ATT&CK framework.
  • Practical experience in working with a variety of security tools and technologies, including SIEM systems, EDR solutions, NDR tools, and SOAR platforms.
  • Ability to effectively handle and analyze large and complex datasets, identifying meaningful security insights and trends.
  • Knowledge of writing detections based on network, host, OS, and other logs.
  • Experience with correlation and complex log analytic queries.
  • Coding experience with Python or other languages for automation.
  • Ability to correlate multiple log sources for effective adversary detection.
  • Demonstrated experience collaborating across global, cross-functional teams with members in multiple time zones, with the ability to communicate and coordinate effectively across geographically distributed environments.
  • A related technical degree required.

Nice To Haves

  • Hands-on experience with any log aggregation/SIEM tool such as and not limited to Splunk, Elastic (ELK), FLINK, Chronicle etc.
  • Hands-on Experience with public cloud, such as AWS or Azure or GCP, especially Public cloud security.
  • Undergraduate degree in cyber security, computer science, information technology, or similar subjects.
  • Experience working in a globally distributed team leveraging documentation and async communications as needed.
  • Prior experience or basic knowledge on DS algorithms and methodologies.
  • Experience on automation platform such as SOAR.

Responsibilities

  • Take on complete ownership of a technical area, responsible for delivering all necessary research and features to achieve team goals.
  • Work across teams in multiple geographies to deliver on initiatives with many moving parts.
  • Lead broad initiatives that go beyond our own work.
  • Innovate and come up with creative ways to solve problems.
  • Write logic on security platforms to detect malicious activity.
  • Build attack simulation scenarios.
  • Test logic effectiveness.
  • Collaborate with the incident response team to improve alert reliability and quality.
  • Lead a project end to end, owning a technical area, and delivering research and features.
  • Work on security organization-wide initiatives.
  • Engage in cross-team collaboration with multiple engineering teams.

Benefits

  • time off programs
  • medical
  • dental
  • vision
  • mental health support
  • paid parental leave
  • life and disability insurance
  • 401(k)
  • employee stock purchasing program
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service