Security Automation & Operations Engineer, Global SOC

About TikTok

TikTok is the leading destination for short-form mobile video. At TikTok, our mission is to inspire creativity and bring joy. TikTok's global headquarters are in Los Angeles and Singapore, and we also have offices in New York City, London, Dublin, Paris, Berlin, Dubai, Jakarta, Seoul, and Tokyo.

Why Join Us

Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day.

We strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. Every challenge is an opportunity to learn and innovate as one team. We're resilient and embrace challenges as they come. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our company, and our users. When we create and grow together, the possibilities are limitless. Join us.

Diversity & Inclusion

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

Team Introduction

Our IT security team is responsible for enterprise IT global cyber security, server security, endpoint security, application security construction, and protection work. They work to improve overall IT security capabilities and security posture, providing security processes, security assessments, security operations, and security vulnerability management services. The team also supports IT teams and business departments in meeting their security requirements.

Responsibilities

- Design, write, and maintain production-grade code to automate security workflows, integrations, and response actions across enterprise security tools.

- Build custom automation and integrations within SOAR platforms to streamline threat detection, incident response, and vulnerability management.

- Develop tools and scripts (Python, Bash, Ansible, etc.) to automate repetitive security operations, log analysis, enrichment pipelines, and alert triage.

- Work closely with DevOps and engineering teams to embed security automation into CI/CD pipelines.

- Manage and operate security platforms (e.g., NGFWs, EDR, CASB, SWG, Email Security, IDS/IPS), ensuring consistent uptime and reliability.

- Conduct security architecture reviews and make configuration and code-level recommendations aligned with industry best practices.

- Architect secure data environments for large-scale analytics systems (e.g., data lakes, Hadoop ecosystems, Redshift, BigQuery) and implement access and control automation.

- Continuously improve and test automation workflows to adapt to new threats, operational gaps, and evolving business requirements.

- Document automation logic, tool configurations, and SOPs to support scalable, repeatable operations.

- Collaborate with global security, infrastructure, and engineering teams to support security monitoring and incident response.

- Collaborate with cross-functional teams across different time zones to help enforce security standards and best practices

- Flexible working hours, maybe shift schedule work on weekends or holidays

Minimum Qualifications

- Hands-on experience in a cybersecurity engineering or security automation role, with demonstrated ability to write and ship production code.

- Proficient in Python (preferred), Bash, or Ansible for building automation and tool integrations.

- Familiarity with security engineering tasks such as log parsing, detection rule development, and alert correlation using code-based approaches.

- Strong understanding of enterprise security tools and operational best practices (e.g., SIEM, EDR, CASB, vulnerability management).

- Experience working in environments with CI/CD pipelines, containers, and infrastructure-as-code.

Preferred Qualifications

- Bachelor's degree in Computer Science, Cybersecurity, Software Engineering, or a related STEM field.

- Hands-on experience with SOAR platforms (e.g., Cortex XSOAR, Splunk SOAR) and building custom playbooks or integrations via APIs.

- Experience building security automations using APIs, webhooks, and event-driven architectures.

- Exposure to AI/ML concepts applied to security operations (e.g., threat classification, anomaly detection, behavioral modeling).

- Strong problem-solving skills and a software engineering mindset applied to security challenges.

- Experience with cloud-native security tooling (e.g., AWS Security Hub, Azure Sentinel) and scripting for cloud environments.

- Knowledge of securing distributed data systems (e.g., Hadoop, Redshift, BigQuery, Azure Synapse).

- Relevant certifications (e.g., OSCP, CISSP, GIAC, AWS/GCP cloud certs) are a plus.