Senior Cloud Security Operations Specialist

$118,800 - $196,000/Yr

Tiktok - New York, NY

posted 2 days ago

Full-time - Senior
New York, NY
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

TikTok is the leading destination for short-form mobile video, and our mission is to inspire creativity and bring joy. As a Senior Cloud Security Operations Specialist, you will be part of the Cloud Security team within the Security Tools Operations group. This role involves managing the design, engineering, and deployment of tools and technologies that monitor our global cloud infrastructure. You will play a crucial role in validating asset inventory, ensuring proper access, and detecting or preventing cloud-based misconfigurations and vulnerabilities. Additionally, you will collaborate with our network and endpoint security teams to apply security tooling such as CWPP, WAF, Anti-DDOS, and IDS technologies to secure our public cloud environments. In this position, you will serve as a Subject Matter Expert (SME) in cloud security, conducting architecture design reviews, leading training sessions, and providing ad-hoc support during investigations and projects. You will work closely with various teams, including vulnerability management, incident response, and governance, risk, and compliance (GRC), to ensure that TikTok's cloud security posture is robust and effective. The ideal candidate will have a strong understanding of cloud security industry standards and best practices, as well as hands-on experience with cloud security technologies and tools. The Global Security Organization at TikTok is committed to providing industry-leading cyber-security and business protection services. We prioritize transparency and trust, maintain best-in-class global security, and strive to be a business catalyst and enabler. Our hybrid work model requires employees to work in the office for 2 to 3 days a week, as directed by their manager, allowing for flexibility while ensuring collaboration and productivity.

Responsibilities

  • Support the development and execution of enterprise-wide Cloud security program
  • Define and manage security controls for a multi-cloud architecture
  • Configure, maintain, deploy, and write rules in Cloud security tools (CSPM, CWPP, CNAPP)
  • Design and implement 3rd party and cloud-native tooling to meet defined requirements
  • Develop standard operating procedures and trainings for each technology
  • Architect and continuously improve security technology stack, process and procedures, support model and cross-function interactions utilizing automation where possible
  • Review and assess utilization of Cloud security tooling
  • Promote and drive adoption of Cloud security tooling across the enterprise
  • Partner across the Security Operations team to respond to cybersecurity incidents
  • Develop and report Cloud security coverage metrics and remediation plans
  • Define procedures to validate the effectiveness of the design, deployment, and management of security controls that aim to maintain confidentiality, integrity, and availability of Cloud networks and technology platforms

Requirements

  • Strong understanding of cloud security industry standards and best practices (CSA CCM, CIS benchmarks, etc.)
  • Knowledge of TCP, IP, HTTP and basic application architecture
  • Experience in operations and maintenance of Cloud security technology stack (CSPM, CWPP, CIEM, Cloud native features like GuardDuty, AWS Config, Amazon Inspector, etc.)
  • Proficient use of Linux, MacOS, and Windows Operating System tools (such as curl, wget, nslookup, etc.)
  • Working proficiency with at least one scripting language (Python, Javascript, Java, etc.)
  • Hands-on experience with proxies, load balancers, virtual machines, containers, and/or serverless technologies
  • Demonstrated ability to quickly assimilate new information and remain current on new developments in cybersecurity capabilities and industry knowledge

Nice-to-haves

  • Minimum of 5 years of experience operating in at least one cloud provider, preferably GCP, AWS, or OCI
  • CISSP, SSCP, cloud provider certifications from AWS, GCP, OCI, or applicable experience in the Information Security field
  • Experience in a multi-cloud or hybrid cloud environment
  • Hands-on experience with SecDevOps technologies including Docker, Kubernetes, Jenkins, Terraform, and/or Cloudformation
  • Experience with other security technology tools (SIEM, SOAR, EDR, WAF, Anti-DDOS, IDS/IPS, DLP, ZTA, PAM, Secrets Management)

Benefits

  • 100% premium coverage for employee medical insurance
  • Approximately 75% premium coverage for dependents
  • Health Savings Account (HSA) with a company match
  • Dental, Vision, Short/Long term Disability, Basic Life, Voluntary Life and AD&D insurance plans
  • Flexible Spending Account (FSA) Options like Health Care, Limited Purpose and Dependent Care
  • 10 paid holidays per year
  • 17 days of Paid Personal Time Off (PPTO)
  • 10 paid sick days per year
  • 12 weeks of paid Parental leave
  • 8 weeks of paid Supplemental Disability
  • Mental and emotional health benefits through EAP and Lyra
  • 401K company match
  • Gym and cellphone service reimbursements

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service