Insider Risk Investigator - USDS

Why Join Us
Creation is the core of TikTok's purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible.
Together, we inspire creativity and bring joy - a mission we all believe in and aim towards achieving every day.
To us, every challenge, no matter how difficult, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always.
At TikTok, we create together and grow together. That's how we drive impact - for ourselves, our company, and the communities we serve.
Join us.
In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.

Team Intro
The USDS Insider Risk Investigations team collaborates with cross-functional partners to assess and address risks posed by employees who may jeopardize the security of U.S. users' data. We investigate incidents such as data breaches, intellectual property theft, and other policy violations.

We are looking for an experienced Insider Risk Investigator with advanced expertise in Digital Forensics and Incident Response (DFIR). In this role, you will be responsible for identifying potential insider threats across the organization, conducting thorough investigations into unauthorized access or misuse of company assets and data, applying forensic methodologies to analyze incidents, and strengthening organizational security.

Responsibilities
- Conduct investigations into suspected insider threats including cases involving intellectual property theft, unauthorized access/use of sensitive systems or data, fraud/embezzlement activities, or violations of internal policies.
- Utilize advanced digital forensic techniques to collect evidence from endpoints (Windows/macOS/Linux), mobile devices (iOS/Android), network logs, cloud-based services (AWS/Azure/GCP), file shares/repositories (e.g., SharePoint), databases, and other relevant sources.
- Analyze system artifacts such as registry files, event logs, browser histories/cache data/memory dumps/timelines to accurately contextualize insider actions.
- Use endpoint detection tools (EDR) or SIEM platforms to identify behavioral anomalies that may indicate malicious intent or policy violations.
- Develop workflows for identifying high-risk behaviors such as exfiltration attempts via email/cloud storage/USB devices or lateral movement within internal networks.
- Collaborate with cross-functional stakeholders including Legal teams (for compliance/litigation support), HR/Ethics teams on employee-related investigations, IT/Security teams on mitigation measures or technical controls post-investigation findings.
- Generate detailed reports summarizing investigative findings with defensible documentation while maintaining chain-of-custody principles for potential legal proceedings.
- Provide recommendations for improving proactive monitoring mechanisms/tools for early detection of insider risks across physical/digital environments.
- Stay current on emerging threats related to insider risk programs as well as best practices in forensic analysis and security incident handling frameworks.

Qualifications

Minimum Qualifications
- Bachelor's degree in Cybersecurity/Digital Forensics/Information Technology/Computer Science or equivalent professional experience in related fields.
- 5+ years of experience conducting technical investigations into cybersecurity incidents with a strong emphasis on insider risk management cases.
- Expertise in digital forensic tools such as EnCase®, FTK®, Cellebrite®, X-Ways®, AXIOM®; familiarity with scripting languages like Python/Bash/PowerShell preferred.
- Advanced knowledge of Windows/macOS/Linux operating systems at a forensic level-including file systems (NTFS/APFS/HFS+), memory analysis techniques/artifacts extraction methods/log parsing capabilities.
- Experience working with EDR solutions (e.g., CrowdStrike Falcon®, Carbon Black®) or SIEM platforms such as Splunk®/QRadar®/ArcSight® for anomaly detection during investigations.
- Familiarity with cloud service providers like AWS/Azure/GCP-specifically their logging capabilities (e.g., CloudTrail/Azure Monitor)-and cloud-native investigation techniques.

Preferred Qualifications
- Certifications in Digital Forensics and Incident Response domains: GCFE®, GCFA®, CCE®, EnCE®, CISSP®, OSCP® preferred but not required depending upon experience level validation!
- Practical hands-on training certifications like SANS FOR508/MITRE ATT&CK fundamentals mastery ideal complements too
- Extended skill flexibility needs

D&I Statement
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

Accommodation Statement
TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://shorturl.at/ktJP6

Data Security Statement
This role requires the ability to work with and support systems designed to protect sensitive data and information. As such, this role will be subject to strict national security-related screening.