The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remain safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us - whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop - GSO protects their data and privacy, so they can have a secure and trustworthy experience.
TikTok's Insider Risk team is seeking a technical security analyst to help lead high-impact internal investigations globally. In this position, you will investigate threats related to, but not limited to, exfiltration, data misuse, policy violations, dual employment, and reputational risk stemming from TikTok personnel or operations.
This role demands strong technical acumen, investigative instincts, and the ability to navigate sensitive matters across multiple jurisdictions. You will work independently but collaboratively, serving as the key technical point of contact for insider risk cases. Candidates must have experience in security analysis or engineering and have operated within a large-scale tech, platform, or media environment.
Key Responsibilities:
- Lead technical insider risk investigations from intake to closure involving sensitive matters such as data exfiltration or misuse, unauthorized platform access or privilege abuse, dual employment and conflict of interest concerns, misconduct with potential public or regulatory exposure, and tampering with intellectual property.
- Analyze telemetry data and indicators across regional infrastructure: DLP alerts, endpoint logs, VPN activity, service logs, and our internal collaboration platform.
- Conduct interviews with employees and stakeholders across the AMS and other regions, exercising sound judgment and cultural sensitivity.
- Write thorough, region-specific investigation reports, ensuring alignment with global protocols while reflecting local legal and business context.
- Collaborate with Legal, HR, Engineering, PR, and Policy teams across the Americas to coordinate investigative outcomes and support remediation or disciplinary action.
- Monitor and assess external threats and public disclosures originating from internal actions that may affect TikTok's brand globally.
- Identify and address regional detection gaps, contribute to threat modeling, and help shape alerting logic in partnership with detection, analysis, and engineering teams.
- Maintain complete discretion and proper handling of sensitive employee, operational, and company data in accordance with regional privacy laws.
Minimum Qualifications:
- Strong technical proficiency in: Log data analysis (audit logs for various services, process logs, etc.), Security principles (CIA, defense in depth, principle of least privilege, etc.), IAM/SSO (Okta, AD, etc.), Cloud services (GCP, AWS, Azure, Ali Cloud, etc.), Endpoint detection and response (EDR), Network logs, Email logs, Collaboration platform logs (Slack, Microsoft Teams, etc.)
- Strong understanding of developer workflows and tools (e.g. Git, Python, etc.) and how they are used day to day by engineers.
- Experience independently leading complex security investigations from detection through remediation
- Experience performing endpoint, cloud, and identity-based investigations across enterprise environments
- Experience mentoring analysts and serving as a technical escalation point for investigative teams
- Ability to communicate technical findings to both technical and non-technical stakeholders
- Strong experience producing investigation reports suitable for internal counsel, executives, and auditors.
Preferred Qualifications:
- 5+ years of experience in Insider Risk, Insider Threat, Security Engineering, Digital Forensics, Incident Response, or related disciplines
- Bachelor's degree or above in Cybersecurity, Computer Science, Software Engineering.
- Demonstrated experience conducting investigative interviews and subject questioning.
- Experience developing detections, investigative playbooks, workflows, or automation to improve insider risk operations
- Familiarity with GDPR or equivalent privacy frameworks relevant to internal investigations.
- Prior involvement in investigations that resulted in external visibility, public scrutiny, or regulatory engagement.
- Familiarity with insider threat frameworks and risk modeling.