Lead Threat Intelligence Researcher

salesforce – HERNDON, CA, United States - Published On 1/11/17

Description

Location: Herndon, VA

Adversaries make mistakes and you know how to use these to your advantage.

We have moved beyond the traditional FUD approach of security and depend on data for analysis. Rumours and speculation don’t protect our customers, and that’s something we take very seriously. Put simply: data or it didn’t happen. However, data is all well and good, but it’s just sitting there doing nothing. Without intelligence and interpretation, we’re just filling up disks. While the storage companies are more than happy to sell us petabytes of spindles, we are driven to make something of this data. We need someone to join our team that lives, breathes, eats, and sleeps security data and the associated analysis.

This role will be responsible for leading a small team in our Herndon office. You’ll report to the Director of Threat Intelligence and will be responsible for the smooth operation of our local team members, facilitating the successful execution of our mission. Fear not, this role is not one of staring at Excel and PowerPoint; you’ll be highly technical and getting into the mix of it.

On a daily basis our team’s attention is focussed on two areas (the right person will be adept and happy in doing both):
Intelligence analysis: think reviewing advisories, pulling apart malware, maturing indicators, creating situational awareness and collaborating with our CSIRT.
Proactive threat hunting: digging through an environment for adversaries who don’t trigger an alarm.
Our team members will also participate within various security communities as active contributors not only for the benefit of Salesforce.com, but for the benefit of the Internet as a whole.
<management speak>

Salesforce.com has one of the best Information Security teams in the world and growing this piece of the business is a top priority! Our Information Security teams work hand in hand with the business to ensure the highest security around all of our applications. With our focus on Trust, we collect terabytes per day of interesting security data. The Senior Security Researcher will help turn that data into actionable intelligence, spot malicious activity that conventional security controls can’t and determine courses of action to help protect our customers from all types of threats. The threat landscape has changed from ‘if’ to ‘when,’ and we’re building a team that lives in this new reality.

</management speak>

* No overloaded, meaningless, three letter acronyms were harmed in the making of this job description.

Required skills:
Rallying a small team and coordinating activities to reach an objective is your forte, you have demonstrable experience managing and leading a small team (whilst still getting your own hands dirty).
Live logs. Love logs. Eat logs. Breathe logs… did we mention logs?
You know the difference between data, information and intelligence. “The intelligence lifecycle” isn’t something you just Googled for the first time today.
Intelligence isn’t just something you consume, it’s also something you produce. This isn’t about just plugging a paid feed into <insert SIEM of your choice here> and flooding our CSIRT with alerts.
The devil is in the detail, sifting through marketing laden breach reports to find those gems of relevance is something you do with passion.
Proactive trumps reactive, you thrive at digging through logs to find badness which security controls don’t.
Beaconing, persistence and lateral movement aren’t just something you’ve read about in a book. You know them inside out, how they vary and can spot them a mile away.
Communication is your forte and you can engage various levels of the business, differentiating opinion from fact.
Static and dynamic malware analysis are something you can do in your sleep, laughing at lame obfuscation techniques.
Methodical and repeatable are your mantra, documentation and taking notes are your friend.
Off the shelf programs don’t exist for all of your needs, so you’ve built your tools, and tools for others.
Network packet ninja and file system sleuth alike, your skills translate to both hosts and networks.
We’re a globally distributed team, so you’re ready to hop on our IRC channels and Chatter Groups and join in. A sense of humor and thick skin are definitely required.
You like humans as well as 1’s and 0’s. This isn’t the place for a one person army, teamwork and collaboration are things which you value.
You’re not afraid to automate your way out of a job (don’t worry, we have plenty of interesting things to do).
Blogging is something you do, you have done, or you will in the future. You’ve got the ability to explain malicious activities to our CEO (he’s a smart guy!).
Desired skills:
Ideally, you’ve done all of the above at scale. We’re not a startup.
Touching disk is so 2001, you’ve got memory forensic skills.
Salesforce.com, Force.com, or Heroku experience (hey, we like our own Champagne).

Company Overview:

Salesforce, the Customer Success Platform, and world's #1 CRM empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes’s “World’s Most Innovative Company” five years in a row and one of Fortune’s “100 Best Companies to Work For” eight years in a row. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana (Hawaiian for "family") made up of our employees, customers, partners, and communities, we are working to improve the state of the world.

How to Apply

Apply using the job link http://careers.force.com/jobs/apex/ts2__JobDetails?jobId=a1k70000003G0jjAAC or contact James Sale at jsale@salesforce.com

This document was retrieved from http://www.rsaconference.com/jobs/view/213 on Wed, 18 Jan 2017 17:16:11 -0500.
© 2017 EMC Corporation. All rights reserved.