Vulnerability & Response Sr. Manager
Salesforce
Salesforce brings companies and customers together in the number one Customer Relationship Management platform.
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job Category
Products and Technology
Job Details
Salesforce – the leader in enterprise cloud computing and #1 place to work according to Fortune magazine – is seeking a Vulnerability Sr. Manager with a passion for Information Security and an understanding of managing security vulnerabilities in an enterprise.
The Vulnerability Response & Customer Incident Response teams at Salesforce deal with the most challenging problems in information security. The pace and variety of our work create a unique learning environment, whether you are starting out or have deep security experience. You will be given unique challenges and the tools to solve them, surrounded by exceptional colleagues, and supported by incredibly helpful partner teams.
The Vulnerability & Response Manager is responsible for leading the company’s response to high severity vulnerabilities and incidents. Successful Response Managers thrive on challenge, are calm under pressure, and can think on their feet. Specifically, this Senior Manager is responsible for:
- Ensuring flawless execution of the vulnerability resolution and incident response process, with transparent communication that drives very high levels of internal/external customer satisfaction
- Creating, communicating, and executing the vulnerability response strategy and actions for individual security investigations.
- Managing resources assigned to vulnerability investigations and security incidents – assuring the incident is receiving the proper support to drive resolution as quickly as possible.
- Escalating, prioritizing, communicating, and coordinating high severity vulnerabilities/incidents, maintaining adherence to the company’s vulnerability response process.
- Representing Security as the initial single on-point contact for any confirmed or potential high severity vulnerability/incident and ensuring interested parties and executives are alerted.
- Addressing incoming escalations from executives regarding the vulnerabilities and incidents.
- Ensuring all agreed-to operational policies and procedures are adhered to and championing the security response process.
- Driving the security response process from detection through containment and remediation.
- Leading the coordination with internal stakeholders through resolution of the vulnerability or incident. Closely partnering and collaborating with Infrastructure, Engineering, Operations, Technical Support, Customer Success and Sales Leadership to ensure alignment across the business.
- Contributing to the improvement of the vulnerability and customer incident response process based on lessons learned.
- Training and mentoring staff on the vulnerability and incident response processes.
Required Skills:
- 8+ years of experience in the Information Security field, including operational security monitoring, incident or vulnerability response experience.
- 3+ years managing, coordinating, and ensuring resolution of security issues.
- Able to obtain a GovCloud Clearance
- Deep experience leading and responding to complex critical security vulnerabilities, availability, or customer experience issues.
- Broad information security knowledge, including some familiarity with key regulations and standards relating to security incident response (e.g., PCI-DSS, GDPR, ISO 27001).
- Serve as an escalation point for Vulnerability Handlers for complex/unusual alerts/cases/requests/vulnerabilities
- Lead “incident” command calls for critical vulnerabilities for a positive solution for stakeholders
- Ability to manage and constantly triage multiple security vulnerabilities, differentiating urgent issues from the merely important.
- Triage and replicate application security vulnerabilities (OWASP Top10)
- Ability to stand back from a complex problem, logically assess the facts, and formulate a plan of action – even in the worst of situations.
- Strong operational and services experience in a cloud services delivery environment
- Strong technical knowledge of complex systems, ideally in a multi-tenant, Cloud environment
- Strong technical understanding of the information security threat landscape (attack vectors and tools, best practices for securing systems and networks, etc.).
- Must have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff.
- Excellent customer relations skills with experience working with teams across multiple time zones.
- Strong teamwork skills with the ability to build and grow relationships with incident response stakeholders.
- Excellent project management skills, including demonstrated ability to manage projects across teams where influencing skills are required.
- Executes with a high level of operational urgency
- Flexibility, integrity and creative problem-solving skills are a prerequisite to be successful in this role.
Desired Skills:
- Experience in conducting root cause analysis.
- Experience with the National Incident Management System.
- Prior experience in a 24x7x365 operations environment.
- Relevant information security certifications, such as CISSP, SANS GWAPT, SANS GCIH, SANS GPEN, SANS GSLC.
Accommodations
If you require assistance due to a disability when applying for open positions, please submit a request via this Accommodations Request Form.
Posting Statement
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.
Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.
Salesforce welcomes all.
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.