Salesforce.com has one of the best Information Security teams in the world and growing this piece of the business is a top priority! Our Information Security teams work hand in hand with the business to ensure the highest security around all of our applications. The Information security team is currently seeking an Information Security Engineer with a passion for Information Security and a strong understanding of Security Event Monitoring and Security Incident Management, Security Device Management, and
Vulnerability Assessment and Remediation.
As a key member of our growing Security Operations team, the Information Security Engineer will work on the ‘front lines’ of the Salesforce.com production environment, protecting our critical infrastructure and
our customers’ data from the latest information security threats.
The Information Security Engineer is responsible for executing security operations processes, focused on real time security analysis, incident response, and ensuring the 24x7 availability of our production security
This position is based in one of our 24x7x365 operations centers. As a result, shift work (including on weekends) is required (between 10am-8pm EST).
2-5 years experience in the Information Security field or a relevant undergraduate or Master’s
degree focused on Information Security/Information Assurance.
Strong technical understanding of network fundamentals and common Internet protocols.
Experience with Linux/Unix systems management.
Experience installing/configuring and utilizing network security devices such as intrusion
detection systems, vulnerability scanners, packet capture tools, etc.
Strong technical understanding of the information security threat landscape (attack vectors and
tools, best practices for securing systems and networks, etc.).
Must have strong verbal and written communication skills; ability to communicate effectively and
clearly to both technical and non-technical staff.
Operational experience monitoring devices such as network and host-based intrusion detection
systems, web application firewalls, database security monitoring systems, firewalls/routers/
switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system
Experience managing intrusion detection systems (such as IBM ISS or Sourcefire), including
initial provisioning, software patching/upgrades and signature creation/tuning,
Experience managing security incident and event management tools (such as ARCSight,
Symantec SIM, LogLogic), including creating event filtering and correlation rules and reports, and
deploying and managing log collection agents.
Prior experience in a 24x7x365 operations environment.
Scripting skills (i.e. Python/Perl, shell scripting) a significant plus.
CISSP and/or other security based credential desired (GIAC GCIH/GCIA, etc.)
Familiar with ITIL service management methodology.
Experience working with vulnerability management tools such as nCircle, Qualys, etc.
To apply for this position, click on the link at the bottom of this page: http://careers.force.com/jobs/ts2__JobDetails?jobId=a1k70000000660LAAQ&t...