Cyber Incident Response Analyst

Responsibilities
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Singapore, Jakarta, Seoul and Tokyo.

At TikTok, our people are humble, intelligent, compassionate and creative. We create to inspire - for you, for us, and for more than 1 billion users on our platform. We lead with curiosity and aim for the highest, never shying away from taking calculated risks and embracing ambiguity as it comes. Here, the opportunities are limitless for those who dare to pursue bold ideas that exist just beyond the boundary of possibility. Join us and make impact happen with a career at TikTok.

The Global Security Organization provides industry-leading cyber-security and business protection services to TikTok globally. Our organization employs four principles that guide our strategic and tactical operations. Firstly, we Champion Transparency & Trust by leading the charge in organizational transparency, prioritizing customer trust, and placing user needs first. Secondly, we aim to maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development. We constantly work towards a sustainable world-class security capability. Thirdly, we strive to be a Business Catalyst & Enabler by embodying the DNA of technical innovation and ensuring our Global Security operations are fast and agile. Finally, we Drive Empowered & Risk-Informed Decision Making by providing our leaders with the necessary information to make agile decisions based on risk.

As a Cyber Incident Response Analyst, you will be a member of TikTok’s enterprise Threat Detection and Response team. The Threat Detection and Response team is responsible for 24x7 monitoring of multiple security-related information sources to manage incidents related to cyber, privacy, and data protection for TikTok data, infrastructure, and products. The Threat Detection and Response team operates under a follow-the-sun model, with hubs located in Singapore, Dublin and US. The Threat Detection and Response team will regularly survey the TikTok networks for signs of a breach, malware, or unauthorized access. Additionally, the Threat Detection and Response team is responsible for developing and maintaining incident response plans, playbooks and procedures. Finally, the Threat Detection and Response team will be responsible for data collection and analysis of Incident Response data.

**Responsibilities**:

- Triaging security alerts and events from various log sources accurately and responding expediently
- Conduct technical analysis and assessments of security-related incidents, including malware analysis, packet-level analysis, and system-level forensic analysis
- Conduct analysis of network traffic and output from various network-centric technologies
- Develop Incident Response Playbooks, perform proactive threat hunts based on threat intelligence gathered
- Develop SOAR playbooks, automate routine processes, create or enhance detection and response capabilities

**Qualifications**:

- At least 1-3 years of experience handling cybersecurity related incidents
- Technical proficiency in a minimum of at least one of the following domains: Malware Analysis, Digital Forensics, Log Analysis, Red Teaming/Penetration Testing or related domains
- Understanding of networking protocols, traffic analysis, and network security tools (e.g. WAF, NDR)
- Strong Linux fundamentals, experience operating and investigating incidents in *NIX environments
- Familiarity performing log analysis using SIEM tools (e.g. ELK)
- Experience with scripting languages (e.g. Python, Go and PowerShell) for automation and analysis
- Excellent communication skills (verbal and written), teamwork and collaboration skills
- Ability to communicate technical concepts to a broad range of technical and non-technical staff

Preferred Qualifications
- Bachelor's degree in Cybersecurity, Computer Science, or a technical field (or equivalent work experience in related field
- Professional certifications in Cybersecurity (OSCP, GCIH, GREM, GNFA or other relevant certifications)
- Experience in working and investigating incidents in Cloud environments (e.g. AWS, GCP)
- Familiarity with container technologies such as Docker and Kubernetes

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.