Senior Cyber Incident Response Analyst

Responsibilities
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Singapore, Jakarta, Seoul and Tokyo.

Why Join Us
Creation is the core of TikTok's purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible.
Together, we inspire creativity and bring joy - a mission we all believe in and aim towards achieving every day.
To us, every challenge, no matter how difficult, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always.
At TikTok, we create together and grow together. That's how we drive impact - for ourselves, our company, and the communities we serve.
Join us.

The Global Security Organization provides industry-leading cyber-security and business protection services to TikTok globally. Our organization employs four principles that guide our strategic and tactical operations. Firstly, we Champion Transparency & Trust by leading the charge in organizational transparency, prioritizing customer trust, and placing user needs first. Secondly, we aim to maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development. We constantly work towards a sustainable world-class security capability. Thirdly, we strive to be a Business Catalyst & Enabler by embodying the DNA of technical innovation and ensuring our Global Security operations are fast and agile. Finally, we Drive Empowered & Risk-Informed Decision Making by providing our leaders with the necessary information to make agile decisions based on risk.

As a Senior Cyber Incident Response Analyst, you will be a technical escalation point of TikTok’s enterprise Threat Detection and Response team. The Threat Detection and Response team is responsible for 24x7 monitoring of multiple security-related information sources to manage incidents related to cyber, privacy, and data protection for TikTok data, infrastructure, and products. The Threat Detection and Response team operates under a follow-the-sun model, with hubs located in Singapore, Dublin and US. The Threat Detection and Response team will regularly survey the TikTok networks for signs of a breach, malware, or unauthorized access. Additionally, the Threat Detection and Response team is responsible for developing and maintaining incident response plans, playbooks and procedures. Finally, the Threat Detection and Response team will be responsible for data collection and analysis of Incident Response data.

**Responsibilities**:

- Lead and take charge of cyber incident response efforts and investigations, serving as a point of escalation for junior analysts.
- Perform in-depth technical analyses and evaluations of security-related incidents, encompassing tasks like dissecting malware, scrutinizing packet-level data, and conducting system-level forensic analysis to identify the severity and root cause of security incidents.
- Continuously review and refine processes, tools, and documentation to adapt to the dynamic threat landscape and evolving threats.
- Collaborate with cross-functional teams in simulated incident response exercises to develop and enhance incident response processes and capabilities.
- Prepare and generate comprehensive post-incident analysis reports to identify lessons learned and improvement areas for stakeholders and leadership.
- Lead the development and implementation of Incident Response Playbooks for various types of incidents to streamline incident response efforts.
- Collaborate with cross-functional partners to develop and implement SOAR playbooks to automate routine processes and create or enhance response capabilities.
- Mentor and guide junior Threat Detection and Response analysts to grow their technical skills.
- This position is part of a 24x7x365 operation and may require shift and/or on-call work.

**Qualifications**:

- At least 5-7 years of experience handling cybersecurity related incidents
- Technical expertise in one or more of the following domains: Malware Analysis, Digital Forensics, Log Analysis, Red Teaming/Penetration Testing or related domains
- Strong understanding of networking protocols, traffic analysis, and network security tools (e.g. WAF, IPS/IDS, and NDR)
- Strong Linux fundamentals, experience operating and investigating incidents in *NIX environments
- Familiarity performing log analysis using SIEM tools (e.g. ELK)
- Experience with scripting languages (e.g. Python, Go and PowerShell) for automation and analysis
- Excellent communication skills (verbal and written), teamwork and collaboration skills
- Ability to communicate technical concepts to a broad range of technical and non-technical staff

Preferred Qualifications
- Bachelor's degree in Cybersecurity, Computer Science, or a technical field (or equivalent work experienc