Threat Detection and Response Lead

Join us.

The Global Security Organization provides industry-leading cybersecurity and business protection services to TikTok globally. Our organization employs four principles that guide our strategic and tactical operations. Firstly, we Champion Transparency & Trust by leading the charge in organizational transparency, prioritizing customer trust, and placing user needs first. Secondly, we aim to maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development. We constantly work towards a sustainable world-class security capability. Thirdly, we strive to be a Business Catalyst & Enabler by embodying the DNA of technical innovation and ensuring our Global Security operations are fast and agile. Finally, we Drive Empowered & Risk-Informed Decision Making by providing our leaders with the necessary information to make agile decisions based on risk. In order to enhance collaboration and cross-functional partnerships, our organization follows a hybrid work schedule that requires employees to work in the office for 3 days a week, as directed by their manager. We regularly review our hybrid work model, and the specific requirements may change at any time.

As a direct report to the Head of Threat and Incident Management, you will lead TikTok's Cyber Fusion Center Operations in US, EMEA, or Singapore. The Threat Detection and Response team is responsible for 24x7 monitoring of multiple security-related information sources to manage incidents related to cyber, privacy, and data protection for TikTok data, infrastructure, and products. The Threat Detection and Response team operates under a follow-the-sun model, with hubs located in Singapore, Dublin and US. The Threat Detection and Response team will regularly survey the TikTok networks for signs of a breach, malware, or unauthorized access. Additionally, the Threat Detection and Response team is responsible for developing and maintaining incident response plans, playbooks and procedures. Finally, the Threat Detection and Response team will be responsible for data collection and analysis of Incident Response data.

The candidate must have expert skills in conducting technical analysis of security events, as well as malware analysis, incident triage and escalation, and other general incident response related issues. The candidate must also have the ability to communicate well, motivate and lead cross functional and individual contributor teams independently, participate in coordinating response and defensive actions over a variety of security disciplines, and disseminate technical information as appropriate in support of TikTok's critical business, go to market, and operational infrastructure needs. The candidate will develop, select, and motivate highly effective leaders and employees to execute the TikTok business model.

Responsibilities
- Develop incident response plans and procedures, including identification, remediation, containment, and eradication procedures
- Synthesize technical details of critical incidents to executive management and provide immediate containment and eradication recommendations
- Develop relevant policies, procedures, and guidelines for the Threat Detection and Response program in the region; ensure compliance with, and support audits for, various standards, including but not limited to ISO270001 and PCI
- Perform threat hunting proactively to identify threats and assess the state of security controls; work with in-house red teams in order to detect offensive operations, and capture and action findings
- Work closely with engineering teams to continuously provide technology requirements and use cases for enabling technologies including but not limited to SIEM, SOAR, Case Management, GRC, EDR, Intrusion Detection Systems, HIPS, Web Proxy/Content Filtering, Active Directory, PKI
- Work with partners to mature crisis procedures and security and privacy incident management

Qualifications

- Bachelors' Degree or industry equivalent work experience in international security architecture and engineering in a cyber security operations program
- CISSP, GCIA, GCIH, GREM or applicable experience in the Information Security field
- At least 5 years directly related experience
- One or more programming/scripting languages (e.g., C, C++, Perl, Java, Python, etc.)
- Demonstrated experience in leading a security focused capability and providing world class services at enterprise scale
- Expertise in performing or overseeing malware analysis and overseeing digital forensics for incident response
- Strong Operating System Administration skills including conceptual knowledge of OS internals and experience with core service types
- Strong experience with *NIX and Windows networking environments
- Experience in maintaining a working knowledge of global attack groups and their tools, techniques, and procedures
- Works well under pressure and within time/budget constraints to solve problems or meet objectives.
- Excellent fundamental knowledge of industry standard frameworks such as MITRE ATT&CK

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

#LI-Hybrid