Sr. Threat Intelligence Automation Engineer

Our Security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to ensure we provide low friction high-impact security across everything we do.

As a member of the Slack Security Customer Protection team, you are the first line of detection of bad actors using Slack in unwanted and unexpected ways. As Slack’s data, customers, and features grow, protecting customers’ data from unwanted behaviors becomes an ever more important and challenging problem. The Security Customer Protection team develops and uses tooling to tease out high-quality signal from all the noise, to detect unwanted behaviors, such as abuse of users, workspaces, or tokens. Your work directly impacts the way millions of people, teams and businesses get things done.

Slack has a positive, diverse, and supportive culture—we look for people who are curious, inventive, and work to be a little better every single day. In our work together we aim to be smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, why not say hello?

What you will be doing

  • Proactive discovery and prevention of threat actors and unwanted activity in Slack, from the angle of threat intelligence sharing
  • Apply threat intelligence in Slack at scale through scripting
  • Create actions to discover and proactively prevent threats in Slack
  • Engineer novel solutions to automate threat analysis challenges
  • Work closely with other engineering teams to design and build long-term solutions for stopping malicious activity
  • Develop new dashboards to visualize and surface data for analysis and reporting
  • Participate in the greater threat intelligence community to surface events relevant to Slack
  • Use data and tools to understand and hunt for threats in the environment
  • Understand the underpinnings of how Slack works, and where bad actors could take advantage, to develop improved detective tools
  • Expose measurable data to partners to improve Slack’s ability to detect future threats
  • Participate in CorpSec detection and response activities and rotation up to 25%

What you should have

  • 5-7 years work experience in threat intelligence analysis
  • Experience drawing metadata and IOCs from threat intelligence, to correlate to malicious campaigns
  • Practical experience hunting for unwanted activity in large data sets
  • Proficiency using relational database tools such as SQL or Postgres
  • Experience with Python, Linux, Kibana, Splunk and engineering fundamentals at scale such as AWS, Chef, and Terraform
  • Understanding of bad actors, threat intelligence, and abuse; involvement remediating abuse or security-related incidents is a plus
  • You have a Bachelor's degree in Computer Science, Engineering or a related field, or equivalent training, fellowship, or work experience

Slack is registered as an employer in many, but not all, states. If you are not located in or able to work from a state where Slack is registered, you will not be eligible for employment. Visa sponsorship may not be available in certain remote locations.

Visa sponsorship is not available for candidates living outside the country of this position.


At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits. and are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. and will not pay any third-party agency or company that does not have a signed agreement with or

Salesforce welcomes all.