DFIR Automation Engineer - Global Security Organization

TikTok's Global Forensics team is responsible for the company's technical investigations and digital forensics work. We are seeking a DFIR Automation Engineer (Investigation Enablement & Threat Hunting). This role focuses on tooling, automation, and AI-assisted engineering to scale cross-domain investigations by accelerating data retrieval, correlation, timeline reconstruction, evidence packaging, and report drafting-while preserving audit-ready, defensible, and reproducible evidence chains. The role also drives case-informed proactive hunting to discover additional risk signals and convert them into reusable playbooks, tools, and detection/controls improvements.

Responsibilities

• Build and maintain investigation enablement tooling and automation: data retrieval/export, enrichment, correlation, entity normalization, timeline generation, evidence indexing, and report skeleton drafting.
• Apply AI-assisted development ("vibe coding" for rapid prototyping) to accelerate delivery of scripts/tools, while enforcing engineering guardrails (human review, tests, change control, and auditability).
• Engineer scenario-based playbooks, templates, and query packs to standardize cross-domain investigations and reduce manual, repetitive work.
• Provide L2 technical support for complex/adversarial cases and productize high-frequency steps discovered in real cases.
• Drive proactive risk discovery through case-informed hunting and data mining: generalize patterns from cases, run targeted hunts across multi-source telemetry, validate signals, and produce actionable findings.
• Convert investigation and hunting outcomes into reusable improvements: playbooks, dashboards, detection use cases, data quality requirements, logging gaps, and control/process recommendations.

• Hands-on scripting/engineering ability for automation (Python,Go)
• Experience working with enterprise telemetry at scale (querying, correlation, pivoting) across multiple sources (internal platform audit logs, identity/cloud logs, endpoint/server telemetry, network logs, DLP).
• Ability to design workflows that produce defensible outputs: clear reasoning, evidence traceability, repeatable analysis steps, and auditable metadata.
• Solid understanding of investigation/DFIR fundamentals and common investigation patterns (data access, staging, exfiltration/misuse, and scope assessment).

Preferred Qualifications

• Background in one or more of: DFIR, incident response engineering, security automation/SOAR, threat hunting, detection engineering, security data engineering, or technical investigations (years of experience not a hard requirement).
• Experience building investigation/forensics tooling or automation that measurably reduces manual effort and improves consistency (e.g., one-click exports, auto-timeline, evidence index generation, report drafting).
• Experience with AI-assisted engineering workflows for building security tooling (code generation, refactoring, test generation, documentation), with strong discipline around code review, testing, and change control.
• Familiarity with evidence defensibility requirements in regulated environments (audit support, evidence requests, privacy constraints, minimization).
• Experience with cross-domain investigations combining DLP + identity/cloud + endpoint/EDR/HIDS + network telemetry + internal platform audit logs.

The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates. Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us - whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop - GSO protects their data and privacy, so they can have a secure and trustworthy experience., TikTok is the leading destination for short-form mobile video. At TikTok, our mission is to inspire creativity and bring joy. TikTok's global headquarters are in Los Angeles and Singapore, and we also have offices in New York City, London, Dublin, Paris, Berlin, Dubai, Jakarta, Seoul, and Tokyo., Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect - and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day., TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.