Salesforce, Inc.
Lead Security Automation Engineer
Salesforce, Inc., San Francisco, California, United States, 94199
Overview
Salesforce has one of the best Information Security teams in the world, and growing this piece of the business is a top priority! Trust and security are Salesforce's number one value as a company.
We are seeking a highly skilled and experienced Lead Member of Technical Staff (LMTS) to join our team and serve as the technical owner of the Security Information and Event Management (SIEM) platform. This role is pivotal in establishing the SIEM as the "secure, reliable, and efficient cornerstone" of our security operations. You will be responsible for fundamentally transforming our ability to rapidly detect, prioritize, and automate responses to high-fidelity security incidents by addressing current pain points such as fragmented operations, pervasive data quality issues, and high Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) metrics.
The ideal candidate will have extensive hands-on experience in managing and operating large-scale enterprise security platforms, with a strong focus on data ingestion, system reliability, and automation. This is a strategic role that requires a blend of deep technical expertise, strong problem-solving skills, and the ability to drive change in a complex environment.
The role also calls for a strong desire and demonstrated ability to apply transferable engineering skillsets to assist the broader team with other development needs as they arise. This includes the flexibility to step up and provide support in other engineering areas, helping to resolve roadblocks and contribute to the overall technical success of the organization.
Key Responsibilities
Platform Management and Vendor Relations: Serve as the primary technical point of contact for the SIEM platform. Manage vendor relationships, including coordinating new feature enablement, tracking bugs, and holding the vendor accountable for system stability and availability. Enforce a rigorous "safe change" process to achieve "zero manual changes" by routing all administrative actions through auditable, internal processes.
Data Ingestion and Governance: Act as the "ultimate gatekeeper for the quality of data" within the NG-SIEM. Define and enforce strict SIEM ingestion requirements, including format and enrichment processes, to ensure high-quality, structured, and contextualized log data. Manage direct integrations from SaaS applications and other log sources, such as SQS and S3, to eliminate intermediate data hops and improve fidelity.
Availability and Observability: Oversee the availability and performance of the vendor SaaS platform, with a target uptime of 99.9%. Build and maintain supporting services to monitor and alert on key metrics, including end-to-end log ingestion pipeline health, data freshness (targeting a maximum 5-minute latency), data ingestion rate, and deviation from ingestion time.
Operational Excellence: Develop and implement services to automate platform changes and streamline processes, moving away from fragmented, manual tasks and over-reliance on "tribal knowledge".
Continuous Improvement: Manage the full lifecycle of new feature enablement, from proof of concept and validation to controlled rollout. Participate in on-call duties for platform-related incidents, ensuring timely remediation and documenting corrective actions.
Architectural and Design Leadership: Lead the team in making key architectural decisions and participate in design reviews to ensure that technical solutions are robust and scalable for future growth. Conduct code reviews to enforce best practices and ensure the delivery of high-quality, production-ready features.
Driving a Culture of Excellence: Define and optimize workflows and processes to improve efficiency and reduce waste across our security operations. Establish a framework of standards and procedures and mentor the team to continuously identify opportunities for improvement.
Required Skills and Qualifications
Proven experience in a senior technical role (e.g., LMTS) managing and operating security platforms in a large-scale enterprise environment.
Deep expertise with SIEM solutions, including direct, hands-on experience with CrowdStrike, Splunk, or Google Chronicle.
Strong understanding of data pipelines, including log ingestion from various sources (APIs, SQS, S3, SaaS platforms).
Experience with building observability services and monitoring key platform health metrics.
Demonstrated ability to drive change and automate processes, reducing manual effort and improving operational efficiency.
Experience with user access management and RBAC, particularly with SCIM-based access control.