Critical Incident Response Center (CIRC) Analyst



Full time

Major Incident Management

Oct 26

TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices, including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul, and Tokyo.

As a member of TikTok’s Critical Incident Response Center (CIRC) team, you will join a strong team of people with the overarching goal of detecting and responding to threats facing TikTok's products, services and customers around the world. You'll be based in one of our geographically distributed, state-of-the-art Converged Fusion Centers in either Singapore, Dublin or Washington D.C.

The CIRC team within TikTok’s Global Security Organization (GSO) is responsible for monitoring multiple security-related information sources to manage incidents related to cyber, privacy, and data protection for TikTok data, infrastructure, and products. The CIRC team will regularly survey the TikTok networks for signs of a breach, malware, or unauthorized access. Additionally, the CIRC team is responsible for developing and maintaining incident response plans, playbooks and procedures. Finally, the CIRC team will be responsible for data collection and analysis of Incident Response data.

The CIRC team will combine disparate data sets with threat information and other enrichment to conduct analysis, identify incidents, and drive appropriate responses that contain and minimize impact and restore normal operations. The analysis is used to ensure a consistent and coordinated response to ongoing threats, so that TikTok can continue to operate safely and securely.

The preferred candidate will have experience in conducting technical analysis of security events, ideally in malware analysis, incident triage and escalation, digital forensics, and other general incident response related issues. The candidate must also communicate well, motivate others, and work independently as a valued member of cross-functional and individual contributor teams. You will participate in coordinating response and defensive actions over a variety of security disciplines and disseminate technical information as appropriate in support of TikTok’s critical business, go-to-market, and operational infrastructure needs.


  • Conduct technical analysis and assessments of security-related incidents, including malware analysis, packet-level analysis, and system-level forensic analysis. Conduct the analysis of network traffic and output from various network-centric technologies. Analyze disk & memory images with the intent of recovering information related to a security incident. The analysis focus can include malicious or suspicious files, logs, registry entries, or indications of lateral movement or data exfiltration.
  • Review various alerts from the intelligence sources and identify any indicators of attacks that may be focused on TikTok or identify any activities from threat actors that may have an interest in TikTok.
  • Utilizing intelligence from various sources, define, build, test and implement correlation rules that support the monitoring and enforcement of TikTok’s security policies.
  • Develop incident response plans and procedures, including identification, remediation, containment, and eradication procedures.
  • Identify major threats that target TikTok users or utilize company infrastructure.
  • Provide input to cross-functional teams to ensure that log sources meet analyst needs and that sensors and collection devices are placed strategically throughout the environment.
  • Synthesize technical details of critical incidents for executive management and provide immediate containment and eradication recommendations.
  • Development and maintenance of procedural documentation.
  • Maintain and respond to changes in operational indicators and metrics.
  • Support the onboarding of new products, data, processes, or tools by identifying requirements and integrating them into operations (processes, playbooks, and training).


Minimum Qualifications

  • At least 1-3 years of experience handling security-related incidents.
  • Excellent analytical and problem-solving skills.
  • Excellent communication skills (verbal and written), ability to influence without authority.
  • Ability to prioritise workload in ambiguous and complex situations.
  • Demonstrated teamwork and collaboration skills, in particular in contributing to global and multi-functional teams.
  • Demonstrates excellent time management, problem-solving, effort prioritization and interpersonal relations.
  • Works well under pressure and within constraints to solve problems and meet objectives.
  • Ability to communicate technical concepts to a broad range of technical and non-technical staff.
  • Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change.

Preferred Qualifications

  • One or more programming/scripting languages (e.g., C++, Perl, Java, Python, etc.).
  • SQL scripting knowledge and experience.
  • Experience in performing or overseeing malware analysis.
  • Experience in performing digital forensics for incident response.
  • Strong Operating System administration skills including conceptual knowledge of OS internals and experience (Windows, Mac or Linux).
