Analyst, US Access Assurance Operations - Washington DC, Mountain View, LA or NYC

TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices, including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul, and Tokyo.

Our Global Security function provides services to TikTok's US market using four principles that guide our strategic and tactical operations. First, we champion trust and transparency, leading the charge in organizational transparency and execution of security and privacy capabilities that drive customer trust. Second, we are a business catalyst and enabler, embodying the DNA of technical innovation. Third, we drive risk-informed and empowered decision-making, giving our business leaders the information needed to make key decisions. Finally, we proactively identify and reduce risk while enabling innovative product development – to consistently build sustainable world-class and trusted security capabilities.

As a direct report to the US Access Assurance Senior Analyst within Business Operations Protection, you will be a part of the team responsible for Enterprise Data Defense and Access Assurance Operations. The Data Defense and Access Assurance team within TikTok's Global Security Organization is responsible for engineering, deploying, testing and monitoring our global infrastructure footprint to validate data inventory, access and protection across our vast infrastructure of data center, SaaS and IaaS. Your team will be responsible for the deployment, execution and monitoring to ensure we are successful in understanding, at any point in time, the state of our data and who can access it. As Access Assurance Analyst, you will be responsible for supporting the Principal Data Defense Engineer in developing the technologies, processes, and people that will manage access to TikTok systems & data, establish enforcement of access policies, and enable protection of TikTok consumer data, intellectual property, and proprietary code.
In your capacity as a key contributor within Enterprise Data Defense and Access Assurance Operations, you are part of a team that manages the security of TikTok data through access management processes and controls across the entire data lifecycle, from creation to destruction. This will include developing the process for granting and removing access based on the principles of least privilege and need to know, and managing access to data. Further, you will oversee policies and procedures for managing access based off enterprise policy and other international regulatory requirements (e.g., data residency), and ingest organizational policies to create enforcement mechanisms. This will entail understanding requirements, designing controls, and ultimately managing the on-going operation of those controls. You will also be responsible for investigating and resolving incidents that involve unauthorized and inappropriate access or transactions.

The candidate must be skilled in conducting technical analysis of access policies, rules, and permissions as well as evaluating appropriateness of roles and transactions. The candidate must also have the ability to communicate well, motivate and lead cross-functional and individual contributor teams independently, participate in coordinating response and defensive actions as it relates to identity and access assurance, and disseminate security information as appropriate in support of TikTok's critical business, go to market, and operational infrastructure needs.

Responsibilities

• Build and review technical and functional requirements for in-house or external technologies to support access management and assurance needs
• Apply appropriate security measures, controls, and protections in the design and selection of identity and access management tools and technologies
• Interact with users to define access standards and/or necessary modifications to new or existing access policies or roles in support of data security standards
• Develop and maintain data residency and data access requirements and controls as necessitated by business need and regulations
• Manage and maintain access management technologies to better validate user identify and control access to data
• Develop use cases and integrate access management technologies with related cybersecurity technologies (e.g., security incident and event management, data classification, vulnerability management)
• Define access assurance controls and requirements and support control operationalization
• Monitor, respond and report on inappropriate data access events
• Support interactions with Risk and Compliance to understand control requirements and provide information to support findings for non-compliance with internal security policies

Knowledge and Skills:

• Excellent analytical and problem-solving skills
• Excellent communication skills (verbal and written), ability to influence without authority
• Works well under pressure within time/budget constraints to solve problems, adjust quickly to shifting priorities, and make decisions with limited information
• Ability to balance risks in ambiguous and complex situations
• Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and cross-functional teams
• Highly motivated to contribute and grow within a complex area of emerging importance
• Ability to communicate technical concepts to a broad range of technical and non-technical staff
• Strong understanding of:
• Access management tools, processes, and procedures
• User access administration, role and policy-based access controls, including identity management, provisioning and de-provisioning access
• Privileged access management (PAM) tools
• Access reviews for appropriateness and authorization
• Interpretation of numeric data and statistical principles
• Industry standard frameworks

Minimum Qualifications:

• Bachelors’ Degree or industry equivalent work experience in cybersecurity, international security architecture, and/or engineering in a converged security program
• 3 years applicable experience
• High degree of integrity and trustworthiness and the ability to lead and inspire change
• Demonstrate ability to quickly assimilate to new knowledge and remain current on new developments in cybersecurity capabilities and industry knowledge
• Experience building and growing a team to meet strategic and tactical objectives; mentoring and coaching staff
• In-depth experience in the following:
• Access management on Windows and Linux operating systems
• Database access management across multiple types (e.g., MySQL, Redis, MongoDB)
• Access monitoring, remediation, and escalation
• Role and policy-based access policies based on principle of least privilege
• Access permission retrieval and analysis
• Configuration of access permissions/roles
• Provisioning, modifying, and de-provisioning account access

Preferred Qualifications:

• CISSP, SSCP, CAP, CCSP, CISM or applicable experience in the Information Security field
• Familiarity with securing access to data across multiple geographical locations
• Familiarity with applications built on a microservices architecture
• Familiarity with securing identity across SaaS and IaaS cloud platforms (e.g., AWS, Google Cloud Platform)
• Be able to deliver both detailed technical reports to enable access remediation and business friendly reports to demonstrate progress and track risk
• Be able to write scripts, configure tools, work with APIs and databases (e.g., MySQL, PostgreSQL, Redis)
• Be able to handle ambiguity and collaborate with a global team
• Be comfortable communicating with business executives and technical teams

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We believe individuals shouldn't be disadvantaged because of their background or identity, but instead should be considered based on their strengths and experience. We are passionate about this and hope you are too.

TikTok is committed to providing reasonable accommodations during our recruitment process. If you need assistance or accommodation, please reach out to us at USCR@tiktok.com.