Incident Manager, CSIRT

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Job Details

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

About the Role

Join Salesforce's Detection, Analysis and Response (DAR) team as a CSIRT Senior Incident Manager, where you'll play a critical role in protecting one of the world's leading cloud platforms. In this position, you'll act as Incident Commander for high-severity security incidents and Vulnerability Commander for critical vulnerabilities, leading coordinated response efforts across Salesforce's commercial environments.
What You'll Do
 

Incident & Vulnerability Leadership

• Serve as Incident Commander (IC) for high-severity security incidents (Sev 0-2), Customer Owned Security Incidents (COSI) and Vulnerability Commander (VC) for priority vulnerabilities requiring customer action

• Lead response strategy and coordination for diverse critical incidents including supply chain attacks, third-party breaches, connected app compromises, large-scale account takeover campaigns, platform vulnerabilities, and insider threats

• Establish clear command structures, delegate tasks effectively, and oversee technical workstreams including containment, forensics, and remediation

• Ensure timely engagement of stakeholders and maintain accurate, real-time documentation within established SLAs

Training & Preparedness

• Develop and conduct security tabletop exercises and drills to enhance organizational readiness

• Create training programs for incident response teams and identify gaps in current response plans

• Facilitate preparations for future incidents through scenario planning and stakeholder engagement

Process Excellence

• Drive continuous improvement of incident management processes, protocols, and playbooks

• Lead post-incident lessons learned exercises and develop corrective action programs

• Maintain incident response tools, communication channels, and access controls

• Review and optimize response procedures based on operational experience

Strategic Integration & Growth

• Support security integration for newly acquired companies, including security posture assessments and capability evaluations

• Facilitate onboarding tabletop exercises to align acquired organizations with Salesforce incident response processes and expectations

• Collaborate with cross-functional security teams during acquisition integration activities

Global Operations

• Participate in 24/7 global coverage including rotating weekend and holiday on-call responsibilities

• Coordinate seamless handoffs across our three major global regions

• Support business continuity planning to ensure effective operations during disruptions

Required Qualifications

• Proven experience as an Incident Commander with hands-on leadership of complex security incidents

• Deep expertise coordinating responses to critical events such as supply chain attacks, third-party breaches, large-scale campaigns, and platform vulnerabilities

• Demonstrated crisis leadership skills with ability to establish command structures and make critical decisions under pressure

• Exceptional written and verbal communication skills for stakeholder management

• Experience developing or managing security programs for organizational preparedness

• Proven ability to work effectively in global 24/7 operations

Preferred Qualifications

• Industry certifications such as GCIH, CISSP, or CISM

• Experience conducting post-mortem exercises and driving process improvements

• Background in vendor management and external security engagements

• Familiarity with M&A security assessments and integration processes

• Experience in highly regulated environments

• Knowledge of security automation and case management tools

Location: Sydney (Office-flex arrangement: 3 days in-office)
This role offers the opportunity to make a significant impact on global security operations while working with cutting-edge technology and a world-class security team. You'll be at the forefront of protecting customers and their data across Salesforce's ecosystem, while contributing to the company's continued growth.

#LI-Y

Unleash Your Potential

When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we’ll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future — but to redefine what’s possible — for yourself, for AI, and the world.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that’s inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications – without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.