Senior Cloud Security Operations Specialist

$118,800 - $196,000/Yr

Tiktok - San Jose, CA

posted 3 days ago

Full-time - Senior
San Jose, CA
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

TikTok is the leading destination for short-form mobile video, and our mission is to inspire creativity and bring joy. As part of the Global Security Organization, the Senior Cloud Security Operations Specialist will play a crucial role in managing the design, engineering, and deployment of tools and technologies that monitor our global cloud infrastructure. This position is integral to ensuring the security of our cloud environments by validating asset inventory, ensuring proper access, and detecting/preventing cloud-based misconfigurations and vulnerabilities. The role requires collaboration with network and endpoint security teams to apply security tooling effectively, including CWPP, WAF, Anti-DDOS, and IDS technologies. Additionally, the specialist will serve as a cloud Subject Matter Expert (SME), conducting architecture design reviews, training sessions, and providing ad-hoc support during investigations and projects. The ideal candidate will possess a strong understanding of cloud security industry standards and best practices, as well as hands-on experience with cloud security technologies. They will be responsible for supporting the development and execution of an enterprise-wide cloud security program, defining and managing security controls for a multi-cloud architecture, and promoting the adoption of cloud security tooling across the enterprise. The role also involves developing standard operating procedures and training for security technologies, continuously improving the security technology stack, and partnering with the Security Operations team to respond to cybersecurity incidents. This position requires excellent communication skills and the ability to coordinate responses to security incidents across various disciplines. At TikTok, we believe in creating an inclusive environment where every employee is valued for their unique skills and experiences. We are committed to celebrating diversity and fostering a workplace that reflects the communities we serve. Our hybrid work model allows for flexibility, requiring employees to work in the office for 2 to 3 days a week, as directed by their manager. This role is essential in driving our mission forward and ensuring the security of our cloud infrastructure.

Responsibilities

  • Support the development and execution of enterprise-wide Cloud security program
  • Define and manage security controls for a multi-cloud architecture
  • Configure, maintain, deploy, and write rules in Cloud security tools (CSPM, CWPP, CNAPP)
  • Design and implement 3rd party and cloud-native tooling to meet defined requirements
  • Develop standard operating procedures and trainings for each technology
  • Architect and continuously improve security technology stack, process and procedures, support model and cross-function interactions utilizing automation where possible
  • Review and assess utilization of Cloud security tooling
  • Promote and drive adoption of Cloud security tooling across the enterprise
  • Partner across the Security Operations team to respond to cybersecurity incidents
  • Develop and report Cloud security coverage metrics and remediation plans
  • Define procedures to validate the effectiveness of the design, deployment, and management of security controls that aim to maintain confidentiality, integrity, and availability of Cloud networks and technology platforms

Requirements

  • Strong understanding of cloud security industry standards and best practices (CSA CCM, CIS benchmarks, etc.)
  • Knowledge of TCP, IP, HTTP and basic application architecture
  • Experience in operations and maintenance of Cloud security technology stack (CSPM, CWPP, CIEM, Cloud native features like GuardDuty, AWS Config, Amazon Inspector, etc.)
  • Proficient use of Linux, MacOS, and Windows Operating System tools (such as curl, wget, nslookup, etc.)
  • Working proficiency with at least one scripting language (Python, Javascript, Java, etc.)
  • Hands-on experience with proxies, load balancers, virtual machines, containers, and/or serverless technologies
  • Demonstrated ability to quickly assimilate new information and remain current on new developments in cybersecurity capabilities and industry knowledge

Nice-to-haves

  • Minimum of 5 years of experience operating in at least one cloud provider, preferably GCP, AWS, or OCI
  • CISSP, SSCP, cloud provider certifications from AWS, GCP, OCI, or applicable experience in the Information Security field
  • Experience in a multi-cloud or hybrid cloud environment
  • Hands-on experience with SecDevOps technologies including Docker, Kubernetes, Jenkins, Terraform, and/or Cloudformation
  • Experience with other security technology tools (SIEM, SOAR, EDR, WAF, Anti-DDOS, IDS/IPS, DLP, ZTA, PAM, Secrets Management)

Benefits

  • 100% premium coverage for employee medical insurance
  • Approximately 75% premium coverage for dependents
  • Health Savings Account (HSA) with a company match
  • Dental, Vision, Short/Long term Disability, Basic Life, Voluntary Life and AD&D insurance plans
  • Flexible Spending Account (FSA) Options like Health Care, Limited Purpose and Dependent Care
  • 10 paid holidays per year
  • 17 days of Paid Personal Time Off (PPTO)
  • 10 paid sick days per year
  • 12 weeks of paid Parental leave
  • 8 weeks of paid Supplemental Disability
  • Mental and emotional health benefits through EAP and Lyra
  • 401K company match
  • Gym and cellphone service reimbursements

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service