To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job Category
Software Engineering
Job Details
About Salesforce
Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.
Ready to level-up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce.
Overview of the Role
Our Threat Intelligence team focuses on defending Salesforce and our customers by cutting through the noise and identifying who's targeting us and what emerging threats we need to prepare for. Our team includes those who have faced nation state, eCrime, and other types of adversaries in threat intelligence, incident response, and/or threat detection functions in past lives. We use our wide expertise to drive direction, support investigations, and uplift security as a whole across Salesforce.
In the capacity of a Threat Intelligence Automation Developer, you operate at the nexus of security analysis and systems development within our Counter-Threat Operations. Your objective is to convert massive streams of adversary data into meaningful insights by engineering and optimizing large-scale automated pipelines. Beyond simply processing data, you will architect the essential framework that empowers our Threat Intelligence (TI), Security Operations Center (SOC), and Incident Response (IR) practitioners to outpace modern threats. You will drive initiatives to expand our tracking of threat groups, analyze malicious campaigns, and streamline the delivery of intelligence across the entire security ecosystem.
Location: Washington, D.C. | McLean, VA | Seattle, WA | San Francisco, CA
Responsibilities
- Engineering and Systems Orchestration: Architect and implement programmatic solutions and cross-platform integrations within the Threat Intelligence Platform (TIP) and Security Orchestration, Automation, and Response (SOAR) ecosystems to drive high-velocity security operations at scale.
- Strategic Collaboration: Work alongside Threat Researchers to decode sophisticated adversary tradecraft, transforming manual investigative workflows into automated and repeatable detection frameworks.
- Collections Leadership: Function as a pivotal member of the Collections Team; oversee the evaluation of novel data streams and serve as the technical authority for sophisticated data ingestion and normalization initiatives.
- Intelligence Lifecycle Refinement: Optimize the intelligence production cycle by engineering automations that eliminate manual processing burdens, empowering practitioners to prioritize complex strategic analysis.
- Design and orchestrate complex systems where AI agents integrate seamlessly into human workflows, driving efficiency and innovation at scale.
- Contribute to building and maintaining the shared system context — an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.
Required Qualifications
- A minimum of three years within the cybersecurity domain, including at least one year dedicated to security engineering, DevSecOps, or automation workflows.
- Advanced Python development ability for complex programmatic requirements; additional proficiency in Bash and JavaScript for orchestration and frontend-adjacent scripting is highly desirable.
- Hands-on experience implementing SOAR platform orchestration utilizing industry-standard tools, such as Palo Alto Cortex XSOAR, Splunk Phantom, Tines, or Swimlane.
- Familiarity with the administration and expansion of Threat Intelligence Platforms, specifically including environments like Vertex Synapse, ThreatConnect, Anomali, or MISP.
- Demonstrated expertise in normalizing unstructured data via RESTful APIs and regular expressions (Regex), with a focus on mapping digital footprints into structured formats like JSON or the Synapse Data Model.
- Technical mastery of version control systems, primarily git, and the integration of Continuous Integration/Continuous Delivery (CI/CD) best practices within security engineering workflows.
- Experience building and managing solutions on Amazon Web Services (AWS).
- Operational knowledge of Linux environments and Unix command-line utilities.
- Experience using AI tools (e.g., Claude Code, GitHub Copilot, Codex, Cursor, etc.) in development workflows.
- Advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production-ready.
- Conceptual understanding of the design and operation of large-scale distributed systems.
- Possess a builder's mindset, characterized by an instinctive drive to architect programmatic solutions and scripts that eliminate inefficient manual tasks.
- Ability to collaborate effectively within a global, geographically dispersed workforce using remote technologies.
- A related technical degree required.
Preferred Qualifications
- Experience using Threat Intelligence Platforms and building integrations with these platforms.
- Experience with security analysis tools such as Jupyter notebooks, Splunk, and Elasticsearch.
- Experience with Microsoft Azure and Google Cloud.
- Demonstrated expertise in graph modeling utilizing Vertex Synapse or comparable graph-based database technologies to map adversary associations and digital footprints.
- Proficiency in developing cloud-native automation and implementing serverless computing solutions, specifically within AWS Lambda or Azure Functions environments.
- Relevant industry credentials such as GCTI (GIAC Cyber Threat Intelligence), GPYC (GIAC Python Coder), or specialized professional certifications in SOAR platform orchestration.
- Experience performing all of the above at scale in a large, complex environment.
IN SCHOOL OR GRADUATED WITHIN THE LAST 12 MONTHS? PLEASE VISIT FUTURE FORCE FOR OPPORTUNITIES
Unleash Your Potential
When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we’ll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future — but to redefine what’s possible — for yourself, for AI, and the world.
Accommodations
If you need a reasonable accommodation during the application or the recruiting process, please submit a request via this Accommodations Request Form.
Please note that Salesforce uses artificial intelligence (AI) tools to help our recruiters assess and evaluate candidates’ resumes and qualifications throughout the recruiting process. Humans will always make any candidate selection and hiring decisions. Please see our Candidate Privacy Statement for more information about how we use your personal data and your rights, including with regard to use of AI tools and opt out options.
Posting Statement
Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that’s inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications – without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.
In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
At Salesforce, we believe in equitable compensation practices that reflect the dynamic nature of labor markets across various regions. The typical base salary range for this position is $117,200 - $176,700 annually. In select cities within the San Francisco and New York City metropolitan area, the base salary range for this role is $141,200 - $194,200 annually. The range represents base salary only, and does not include company bonus, incentive for sales roles, equity or benefits, as applicable.