Principal Threat Researcher, Software Engineer (Counter-Threat Ops)

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Software Engineering

Job Details

*About Salesforce*

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

Our Threat Intelligence team focuses on defending our organization and our customers by cutting through the noise and identifying who’s targeting us and what emerging threats we need to prepare for. Our team includes those who have faced nation state, eCrime, and other types of adversaries in threat intelligence, incident response, and/or threat detection functions in past lives. We use our wide expertise to drive direction, support investigations, and uplift security as a whole across Salesforce.

Role Description:

As a Principal Threat Researcher (Counter-Threat Ops), you don't just track threats—you neutralize them. You are a key pillar of the Threat Intelligence (TI) team, specifically focused on the art of adversary disruption. You will lead the charge in identifying, tracking, and imposing friction on threat actors targeting the Salesforce ecosystem. This is a "hands-on-keyboard" technical leadership role as an individual contributor. You will perform deep-dive research across massive datasets to extract tactics, techniques and procedures (TTPs), build complex attacker profiles, and turn that intelligence into action. Whether you are partnering with hyperscalers to take down attacker infrastructure or working alongside multi-national law enforcement to support criminal prosecution, your goal is to make it expensive and dangerous for adversaries to operate against Salesforce and our Customers.

Responsibilities

• Adversary Disruption & Denial: Lead initiatives to disrupt threat actor operations by leveraging Salesforce infrastructure and strategic partnerships with hyperscalers (AWS, GCP, MAS), CDNs, and network security providers.
• Law Enforcement Collaboration: Develop high-fidelity technical evidence and attribution data to support US and European law enforcement in the successful criminal prosecution of threat actors.
• Strategic Intelligence Ecosystem: Deepen Salesforce’s reach into the broader cyber intelligence community, fostering peer-to-peer partnerships with other industry disruption teams to build a collective defensive picture.
• Advanced Threat Tracking: Perform expert-level tracking of advanced e-crime and state-sponsored actors, distilling complex tactics, techniques, and procedures (TTPs) into actionable intelligence for executives and technical stakeholders.
• Tactical Tooling & Automation: Build custom scripts, investigative tools, and automation (Python, SQL, Splunk) to scale research and enable "on-the-fly" analysis during active campaigns or incident response.
• Technical Mentorship: Serve as a technical mentor on the Threat Intelligence team, guiding junior researchers and driving the direction of investigations through deep subject matter expertise. You will be collaborating on this with
• Cross-Functional Influence: Act as a central bridge between Incident Response, Security Engineering, and Platform Defense to ensure intelligence directly hardens our environment.
• Build and ship high-quality, production-grade software using modern engineering practices, with AI as a core part of your development workflow by pushing the boundaries of AI development tools to deliver secure, optimized, and high-quality code.
• Design and orchestrate complex systems where AI agents integrate seamlessly into human workflows, driving efficiency and innovation at scale.
• Contribute to building and maintaining the shared system context, an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.
• Critically evaluate code (Human or AI-generated) for correctness, quality, security, and performance

Minimum Requirements:

• You have recognized, first-hand knowledge of how advanced adversaries operate and their tactics, techniques, and procedures (TTPs), with a focus on AWS, GCP, Azure, and other cloud providers
• 10+ years of hands-on experience identifying, tracking, and disrupting advanced cyber threat actors (government-backed and advanced e-crime adversaries), including successful referrals to international Law Enforcement agencies
• 5+ years hands-on experience with strategic intelligence writing and standard conventions (BLUF, Diamond Model, MITRE ATT&CK), with a proven track record of authoring dozens of research articles and public-facing blog posts
• Established threat intelligence practitioner and active member of private, invite-only Information Security trust groups with extensive industry and community contacts
• Experience with Cyber Threat Intelligence writing for both technical, non-technical, and executive audiences - ideally with threat briefings, threat reports, blog posts, or similar finished intelligence
• A capable oral and written communicator, you are able to engage others in the business at multiple levels to translate threat research into actionable recommendations to shape strategy and decisions
• Experience conducting and correlating threat research using OSINT and proprietary tools, including infrastructure analysis, malware telemetry, and full attack lifecycle tracking
• You operate autonomously to drive projects and have experience mentoring and supporting junior analysts in a globally distributed or remote team environment
• You have an understanding existing and emerging threats to an organization spanning multiple industries and threat profiles
• 3+ years experience scripting, automating, and building investigative tooling (Python, Bash, SQL, Splunk) and using YARA or Sigma for threat hunting
• Identify patterns and trends across various data sources and distill findings concisely
• A demonstrated, genuine AI-first approach to engineering. Using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty.
• Experience using AI tools (e.g., Claude Code, GitHub Copilot, Codex, Cursor, etc.) in development workflows
• Advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production-ready.
• A related technical degree required

Preferred Requirements:

• Extensive experience collaborating with global law enforcement agencies (e.g., FBI, Europol) on attribution and evidence collection resulting in successful prosecutions and takedowns
• Experience using Threat Intelligence Platforms, and building integrations with these platforms
• Extensive experience using Machine Learning automation for the detection and disruption of high-harm groups and platform-based abuse
• Deep familiarity with reverse engineering, malware analysis, and knowledge of underground communities
• Experience with security analysis tools (Jupyter notebooks, Splunk, ElasticSearch, etc)
• Extensive experience with uncovering threats in AWS, Microsoft Azure, and Google Cloud
• Expert-level use of hunting/IR tools for host and network analysis
• Recognized industry leader in the threat Community
• You have performed all of the above “at scale“ in a large, complex environment

Unleash Your Potential

When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we’ll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future — but to redefine what’s possible — for yourself, for AI, and the world.

Accommodations

If you need a reasonable accommodation during the application or the recruiting process, please submit a request via this Accommodations Request Form.

Please note that Salesforce uses artificial intelligence (AI) tools to help our recruiters assess and evaluate candidates’ resumes and qualifications throughout the recruiting process. Humans will always make any candidate selection and hiring decisions. Please see our Candidate Privacy Statement for more information about how we use your personal data and your rights, including with regard to use of AI tools and opt out options.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that’s inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications – without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.

In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.

At Salesforce, we believe in equitable compensation practices that reflect the dynamic nature of labor markets across various regions.
The typical base salary range for this position is $197,300 - $313,700 annually.
The range represents base salary only, and does not include company bonus, incentive for sales roles, equity or benefits, as applicable.

For more details click Job Post.