Similar Jobs

View More
This company is committed to hiring Veterans

Lead Threat Intelligence Researcher

This job is no longer active. View similar jobs.

POST DATE 8/26/2016
END DATE 10/11/2016 San Francisco, CA

San Francisco, CA
AJE Ref #
Job Classification
Full Time
Job Type
Company Ref #
Mid-Career (2 - 15 years)


Post Date:

Salesforce will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

Adversaries make mistakes and you know how to use these to your advantage.

We have moved beyond the traditional FUD approach of security and depend on data for analysis. Rumors and speculation don't protect our customers, and that's something we take very seriously. Put simply: data or it didn't happen. However, data is all well and good, but it's just sitting there doing nothing. Without intelligence and interpretation, we're just filling up disks. While the storage companies are more than happy to sell us petabytes of spindles, we are driven to make something of this data. We need someone to join our team that lives, breathes, eats, and sleeps security data and the associated analysis.

On a daily basis our team's attention is focussed on two areas (the right person will be adept and happy in doing both):
Intelligence analysis: think reviewing advisories, pulling apart malware, maturing indicators, creating situational awareness and collaborating with our CSIRT.
Proactive threat hunting: digging through an environment for adversaries who don't trigger an alarm.
Our team members will also participate within various security communities as active contributors not only for the benefit of, but for the benefit of the Internet as a whole. has one of the best Information Security teams in the world and growing this piece of the business is a top priority! Our Information Security teams work hand in hand with the business to ensure the highest security around all of our applications. With our focus on Trust, we collect terabytes per day of interesting security data. The Threat Intelligence Researcher will help turn that data into actionable intelligence, spot malicious activity that conventional security control's can't and determine courses of action to help protect our customers from all types of threats. The threat landscape has changed from 'if' to 'when,' and we're building a team that lives in this new reality.

* No overloaded, meaningless, three letter acronyms were harmed in the making of this job description.


* Live logs. Love logs. Eat logs. Breathe logs... did we mention logs*

* You know the difference between data, information and intelligence. "The intelligence lifecycle" isn't something you just Googled for the first time today.

* Intelligence isn't just something you consume, it's also something you also produce. This isn't about just plugging a paid feed into and flooding our CSIRT with alerts.

* The devil is in the detail, sifting through marketing laden breach reports to find those gems of relevance is something you do with passion.

* Proactive trumps reactive, you thrive at digging through logs to find badness which security controls don't.

* Beaconing, persistence and lateral movement aren't just something you've read about in a book.. You know them inside out, how they vary and can spot them a mile away.

* Communication is your forte and you can engage various levels of the business, differentiating opinion from fact.

* Static and dynamic malware analysis are something you can do in your sleep, laughing at lame obfuscation techniques.

* Methodical and repeatable are your mantra, documentation and taking notes are your friend.

* Off the shelf programs don't exist for all of your needs, so you've built your tools, and tools for others.

* Network packet ninja and file system sleuth alike, your skills translate to both hosts and networks.

* We're a globally distributed team, so you're ready to hop on our IRC channels and Chatter Groups and join in. A sense of humor and thick skin are definitely required.

* You like humans as well as 1's and 0's. This isn't the place for a one person army, teamwork and collaboration are things which you value.

* You're not afraid to automate your way out of a job (don't worry, we have plenty of interesting things to do).

* Blogging is something you do, you have done, or you will in the future. You've got the ability to explain malicious activities to our CEO (he's a smart guy!).


* Ideally, you've done all of the above at scale. We're not a startup.

* Touching disk is so 2001, you've got memory forensic skills.

*,, or Heroku experience (hey, we like our own Champagne).

Salesforce, the Customer Success Platform, and world's #1 CRM empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes's "World's Most Innovative Company" five years in a row and one of Fortune's "100 Best Companies to Work For" eight years in a row. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana (Hawaiian for "family") made up of our employees, customers, partners, and communities, we are working to improve the state of the world.

*LI-Y is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. does not accept unsolicited headhunter and agency resumes. will not pay fees to any third-party agency or company that does not have a signed agreement with