Cyber Security Operations Center (CSOC) Principle - USDS

se. Your team will regularly survey the TikTok networks for signs of a breach, malware or unauthorized access. You will identify and disrupt major threats that target TikTok users or utilize TikTok's infrastructure.

Additionally, your team will develop and maintain standard operating procedures and response plans. Join our team to lead and execute purple team exercises in collaboration with the USDS red team, enhancing incident response processes and refining operational procedures.

Your team will be responsible for collecting and analyzing data to support threat investigations.

The preferred candidate will be responsible for leading these efforts in collaboration with peer Fusion Center Principals globally. The candidate must have expert skills in conducting technical analysis of security events, malware analysis, incident investigation and escalation, digital forensics and other general incident response related issues. The candidate must also have the ability to communicate effectively, motivate and lead cross functional and individual contributor teams independently, participate in coordinating response and defensive actions over a variety of security disciplines, and disseminate technical information as appropriate in support of TikTok's critical business and operational infrastructure needs. The candidate will develop, select, and motivate highly effective employees to protect the TikTok business.

In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.

Tasks and Responsibilities:

• Develop and document standard operating procedures including identification, remediation, containment, and eradication procedures
• Identify major threats that target TikTok users or utilize company infrastructure
• Develop a staffing structure and roles and responsibilities for a 24x7x365 monitoring and response capability
• Provide input to cross functional teams to ensure that log sources meet analyst needs and that sensors and collection devices are placed strategically throughout the environment
• Work with Crisis and Incident Management to enable procedures and execute them when necessary
• Work with Human Resources and Recruiting to build a staffing and development plan to attract, develop, and retain world class talent at all levels
• Synthesize technical details of critical incidents to executive management and provide immediate containment and eradication recommendations

Qualifications

Minimum Qualifications

• Bachelors' Degree or industry equivalent work experience in security architecture and engineering in a converged security program
• CISSP, GCIA, GCIH, GREM or applicable experience in the Information Security field
• 5+ years experience & expert in computer security incident handling and responding to Advanced Persistent Threats
• Strong leadership skills and the ability to foster a collaborative, high performing team with Excellent analytical, problem-solving, communication (verbal and written) skills with the ability to influence without authority.
• Demonstrated teamwork and collaboration skills - in particular in leading or contributing to multi-functional teams while being able to balance risks in ambiguous and complex situations.

Preferred Qualifications

• Demonstrated experience in leading a security focused capability and providing world class services at enterprise scale with Expertise in performing or overseeing malware analysis, performing or overseeing digital forensics for incident response
• Strong Operating System Administration skills including conceptual knowledge of OS internals and experience with core service types
• Strong experience with *NIX and Windows environments
• Experience in maintaining a working knowledge of global attack groups and their tools, techniques, and procedures
• Strong analytical/problem solving skills and cross functional knowledge across multiple IT operational and security disciplines while possessing a high degree of integrity, be trustworthy, and have the ability to lead and inspire change.