Cyber Security Operations Center (CSOC) Principle - USDS

About the Team
The TikTok Cyber Fusion Center is a global brand with locations opening in Washington D.C., Australia, and the UK. A Cyber Fusion Center comprises specialized, highly proficient security professionals who enable rapid and informed response to protect the company from cyber threat scenarios.

The Fusion Center Principal will lead the TikTok US Cyber Fusion Center in Washington, DC. You will build and lead a team of people, processes and technologies with the overarching goal of detecting and responding to threats that could impact TikTok's US operations.

The TikTok US Fusion Center will in-take, investigate and perform incident response against threats with the potential to impact TikTok US. For cyber-related threats, the Cyber Fusion Center team will detect, investigate, and respond to threats or malicious activities within the enterprise. Your team will regularly survey the TikTok networks for signs of a breach, malware or unauthorized access. You will identify and disrupt major threats that target TikTok users or utilize TikTok's infrastructure.

Additionally, your team will develop and maintain standard operating procedures and response plans. Join our team to lead and execute purple team exercises in collaboration with the USDS red team, enhancing incident response processes and refining operational procedures.

Your team will be responsible for collecting and analyzing data to support threat investigations.

The preferred candidate will be responsible for leading these efforts in collaboration with peer Fusion Center Principals globally. The candidate must have expert skills in conducting technical analysis of security events, malware analysis, incident investigation and escalation, digital forensics and other general incident response related issues. The candidate must also have the ability to communicate effectively, motivate and lead cross functional and individual contributor teams independently, participate in coordinating response and defensive actions over a variety of security disciplines, and disseminate technical information as appropriate in support of TikTok's critical business and operational infrastructure needs. The candidate will develop, select, and motivate highly effective employees to protect the TikTok business.

In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.

Tasks and Responsibilities:
- Develop and document standard operating procedures including identification, remediation, containment, and eradication procedures
- Identify major threats that target TikTok users or utilize company infrastructure
- Develop a staffing structure and roles and responsibilities for a 24x7x365 monitoring and response capability
- Provide input to cross functional teams to ensure that log sources meet analyst needs and that sensors and collection devices are placed strategically throughout the environment
- Work with Crisis and Incident Management to enable procedures and execute them when necessary
- Work with Human Resources and Recruiting to build a staffing and development plan to attract, develop, and retain world class talent at all levels
- Synthesize technical details of critical incidents to executive management and provide immediate containment and eradication recommendations