Senior Security Researcher, Detection & Response
Apply NowCompany: TikTok
Location: San Jose, CA 95123
Description:
Responsibilities
The Global Security Organization provides industry-leading cyber-security and business protection services to TikTok globally. Our organization employs four principles that guide our strategic and tactical operations. Firstly, we Champion Transparency & Trust by leading the charge in organizational transparency, prioritizing customer trust, and placing user needs first. Secondly, we aim to maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development. We constantly work towards a sustainable world-class security capability. Thirdly, we strive to be a Business Catalyst & Enabler by embodying the DNA of technical innovation and ensuring our Global Security operations are fast and agile. Finally, we Drive Empowered & Risk-Informed Decision Making by providing our leaders with the necessary information to make agile decisions based on risk. In order to enhance collaboration and cross-functional partnerships, our organization follows a hybrid work schedule that requires employees to work in the office for 3 days a week, as directed by their manager. We regularly review our hybrid work model, and the specific requirements may change at any time.
As a Senior Security Researcher, you will be a member of TikTok's Enterprise Threat Detection and Response team. The Threat Detection and Response team is responsible for 24x7 monitoring of multiple security-related information sources to manage incidents related to cyber, privacy, and data protection for TikTok data, infrastructure, and products. The Threat Detection and Response team will regularly survey TikTok's networks for signs of a breach, malware, or unauthorized access. Additionally, the Threat Detection and Response team is responsible for developing and maintaining incident response plans, playbooks and procedures. Finally, the Threat Detection and Response team will be responsible for data collection and analysis of Incident Response data.
Responsibilities:
Ability to serve as an incident commander during a cybersecurity incident and run bridges between cross-functional stakeholders, effectively managing and overseeing the entire incident response lifecycle from detection to resolution.
Perform technical analysis and assessments of cybersecurity-related incidents, including malware analysis, packet-level analysis, and system-level forensic analysis.
Lead cross-functional projects to improve our capabilities to effectively detect and respond to security incidents
Mentor and guide TDR security engineers to grow their incident response skills
Develop incident response plans and procedures, including identification, remediation, containment, and eradication procedures
Synthesize technical details of critical incidents to executive management and provide immediate containment and eradication recommendations
Support the onboarding of new products, data, processes, or tools by identifying requirements by integrating them into operations (processes, playbooks, and training)
Work with the Detection Engineering team to create custom rulesets to detect and hunt for advanced threat actor tactics, techniques, and procedures (TTPs).
This position is part of a 24x7x365 operation and may require shift and/or on-call work
Qualifications
Minimum Qualifications
Strong experience with various OS systems: Linux, MacOs and Windows
Experience with SIEM/SOAR tools, ELK stack
Experience with identifying and responding to advanced threats and threat actor TTPs
Work well under pressure and within constraints to solve problems and meet objectives
Excellent fundamental knowledge of industry-standard frameworks (e.g., MITRE ATT&CK)
Ability to work well in an ambiguous environment
One or more programming/scripting languages (e.g., Perl, Java, Python, etc.) Preferred certifications - GCIA, GCIH, GREM, OSCP
Preferred Qualifications
Bachelors' Degree or industry equivalent work experience in Cybersecurity with a focus on security analytics and incident response
5 years of directly related experience in computer security incident handling
The Global Security Organization provides industry-leading cyber-security and business protection services to TikTok globally. Our organization employs four principles that guide our strategic and tactical operations. Firstly, we Champion Transparency & Trust by leading the charge in organizational transparency, prioritizing customer trust, and placing user needs first. Secondly, we aim to maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development. We constantly work towards a sustainable world-class security capability. Thirdly, we strive to be a Business Catalyst & Enabler by embodying the DNA of technical innovation and ensuring our Global Security operations are fast and agile. Finally, we Drive Empowered & Risk-Informed Decision Making by providing our leaders with the necessary information to make agile decisions based on risk. In order to enhance collaboration and cross-functional partnerships, our organization follows a hybrid work schedule that requires employees to work in the office for 3 days a week, as directed by their manager. We regularly review our hybrid work model, and the specific requirements may change at any time.
As a Senior Security Researcher, you will be a member of TikTok's Enterprise Threat Detection and Response team. The Threat Detection and Response team is responsible for 24x7 monitoring of multiple security-related information sources to manage incidents related to cyber, privacy, and data protection for TikTok data, infrastructure, and products. The Threat Detection and Response team will regularly survey TikTok's networks for signs of a breach, malware, or unauthorized access. Additionally, the Threat Detection and Response team is responsible for developing and maintaining incident response plans, playbooks and procedures. Finally, the Threat Detection and Response team will be responsible for data collection and analysis of Incident Response data.
Responsibilities:
Ability to serve as an incident commander during a cybersecurity incident and run bridges between cross-functional stakeholders, effectively managing and overseeing the entire incident response lifecycle from detection to resolution.
Perform technical analysis and assessments of cybersecurity-related incidents, including malware analysis, packet-level analysis, and system-level forensic analysis.
Lead cross-functional projects to improve our capabilities to effectively detect and respond to security incidents
Mentor and guide TDR security engineers to grow their incident response skills
Develop incident response plans and procedures, including identification, remediation, containment, and eradication procedures
Synthesize technical details of critical incidents to executive management and provide immediate containment and eradication recommendations
Support the onboarding of new products, data, processes, or tools by identifying requirements by integrating them into operations (processes, playbooks, and training)
Work with the Detection Engineering team to create custom rulesets to detect and hunt for advanced threat actor tactics, techniques, and procedures (TTPs).
This position is part of a 24x7x365 operation and may require shift and/or on-call work
Qualifications
Minimum Qualifications
Strong experience with various OS systems: Linux, MacOs and Windows
Experience with SIEM/SOAR tools, ELK stack
Experience with identifying and responding to advanced threats and threat actor TTPs
Work well under pressure and within constraints to solve problems and meet objectives
Excellent fundamental knowledge of industry-standard frameworks (e.g., MITRE ATT&CK)
Ability to work well in an ambiguous environment
One or more programming/scripting languages (e.g., Perl, Java, Python, etc.) Preferred certifications - GCIA, GCIH, GREM, OSCP
Preferred Qualifications
Bachelors' Degree or industry equivalent work experience in Cybersecurity with a focus on security analytics and incident response
5 years of directly related experience in computer security incident handling