Cloud Security Operations Lead

Washington, DC
May 03, 2021
May 05, 2021
Full Time
DescriptionTikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices, including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul, and Tokyo. The Global Security Organization provides industry leading security and privacy services to ByteDance globally. Our organization uses four principles that guide our strategic and tactical operations. First, we champion trust and transparency, leading the charge in organizational transparency and execution of security and privacy capabilities that drive customer trust. Second, we are a business catalyst and enabler, embodying the DNA of technical innovation. Third, We drive risk informed and empowered decision making, giving our business leaders the information needed to make key decisions. Finally, we proactively identify and reduce risk while enabling innovative product development - to consistently build sustainable world-class security capabilities.As a direct report to the Principal Security Operations Engineer within the Business Operations team, you will be a part of the Security Operations team responsible for Enterprise Defense Operations and Platform Management, Hosting Platform Defense Operations, and Global Security Technology Operations. The Security Operations team's primary focus is management of security and defense platforms, technologies, tools, and services supporting security controls across TikTok's environments. As the Cloud Security Operations Lead, you will be responsible for supporting the Principal Security Operations Engineer in leading a team of cross-functional cyber, privacy, and data protection engineers, architects, and analysts to deploy, integrate, and manage, technologies to support the security and protection of data in accordance with relevant geographical regulations, contractual commitments, and confidentiality your capacity as a key contributor and team leader within Security Operations, you are part of a team that manages the design, engineering, and deployment of tools and technologies to monitor our global infrastructure footprint to validate data inventory, access and protection, and security of our vast infrastructure of data center, SaaS, and IaaS. This will include servicability and continuing improvement of technology platforms, technologies, and services as well as oversight to your team as they manage operational configuration updates to security tools and validate effectiveness. Further, you and your team will create a strategy for the control environment to enable and protect TikTok's infrastructure, technologies, and services. This will entail understanding requirements, designing controls, and ultimately managing the on-going operation of those controls.The candidate must be skilled in conducting technical analysis of Cloud security and business problems, as well as threats, incidents, investigations, workforce protection, and other general security-related issues. The candidate must also have the ability to communicate well, motivate and lead cross-functional and individual contributor teams independently, participate in coordinating response and defensive actions over a variety of security disciplines, and disseminate security information as appropriate in support of TikTok's critical business, go to market, and operational infrastructure needs. The candidate will develop, select, and motivate highly effective employees to execute TikTok's business model.Responsibilities:- Support the development and execution of enterprise-wide Cloud security program - Build technical and functional requirements to configure and deploy Cloud security tooling- Develop standard operating procedures and trainings for each technology- Architect and continuously improve security technology stack, process and procedures, support model and cross-function interactions- Review and investigate alerts generated from Cloud security tools and escalate as appropriate - Review and assess utilization of Cloud security tooling- Promote and drive adoption of Cloud security tooling across the enterprise- Partner across the Security Operations team to respond to cybersecurity incidents - Develop and report Cloud security coverage metrics and remediation plans - Maintain strong vendor relationships for Cloud security tooling for continuous support- Define procedures to validate the effectiveness of the design, deployment, and management of security controls that aim to maintain confidentiality, integrity, and availability of Cloud networks and technology platformsQualificationsRequiredQualifications:- Excellent analytical and problem-solving skills- Excellent communication skills (verbal and written), ability to influence without authority- Works well under pressure within time/budget constraints to solve problems, adjust quickly to shifting priorities, and make decisions with limited information- Ability to balance risks in ambiguous and complex situations- Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and cross-functional teams- Highly motivated to contribute and grow within a complex area of emerging importance - Ability to communicate technical concepts to a broad range of technical and non-technical staff- Strong understanding of: - Interpretation of numeric data and statistical principles - Industry standard frameworks - Linux, MacOS, and Windows internals - Operating and maintaining tools across Cloud security technology stack- Bachelors' Degree or industry equivalent work experience in cybersecurity, international security architecture, and/or engineering in a converged security program- 3-5 years applicable experience- High degree of integrity and trustworthiness and the ability to lead and inspire change- Demonstrate ability to quickly assimilate to new knowledge and remain current on new developments in cybersecurity capabilities and industry knowledge- Experience building and growing a team to meet strategic and tactical objectives; mentoring and coaching staff- In-depth experience in the following: - Metadata management - Asset management - Change management - Microservice architecture - Data leakage/content monitoring and filtering - Cloud access security broker - Configuration of web application firewallsPreferred Qualifications:- CISSP, SSCP, CAP, CCSP, CISM, CSX-P or applicable experience in the Information Security field- Experience using one or more programming/scripting languages (eg, Python, Go, Java, etc.)- Familiarity with source code management tools (eg, Github, Bitbucket)- Familiarity with securing data across SaaS and IaaS cloud platforms (eg, AWS, Google Cloud Platform)- Familiarity with securing data across multiple database technologies (eg, MySQL, Redis, Hive)- Be able to handle ambiguity and collaborate with a global team- Be comfortable communicating with business executives and technical teams- Be able to motivate junior staff and contractorsTikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We believe individuals shouldn't be disadvantaged because of their background or identity, but instead should be considered based on their strengths and experience. We are passionate about this and hope you are too.RegularExperiencedSDL2017