TikTok is hiring for jobs in cybersecurity and insider risk to prevent leaks

  • TikTok is hiring for two new security roles focused on protecting against insider leaks.
  • New employees will monitor abnormal employee patterns and the dark web to protect company data.
  • TikTok has faced high-profile leaks in the press that have increased scrutiny of its data practices.

TikTok is recruiting for two insider risk-focused security roles as it seeks to bolster its insider leak defense.

The job postings, one for a Counterintelligence Analyst and the other for an Insider Risk Surveillance Analyst, will both be based in Washington, D.C., and will report to the new U.S. Data Security Division of the society.

New recruits will monitor TikTok’s own employees to identify behaviors that could reveal a staff member leaking classified information to the press, or trade secrets to competitors or bad actors, according to four cybersecurity recruiters who have reviewed the counterintelligence analyst job posting for Insider.

Spying on co-workers to keep company secrets can be a lonely job.

“You’re not everyone’s best friend,” said Giancarlo Hirsch, chief executive of Glocomms, a cybersecurity, AI, data science and software recruitment firm that has worked with TikTok to fill security roles. . “You’re not at the lunch table having fun with everyone.”

Nonetheless, having security teams dedicated to monitoring the activity of employees and other “insiders” with access to data, such as vendors, is common in large companies across all industries, especially enterprise with valuable data and intellectual property assets like banks and technology companies.

JPMorgan Chase, for example, collects vast amounts of data about what its employees do during the workday, leading some staff to fear that it could use keystroke data to detect slackers on its teams.

Leaks can create huge headaches for Big Tech brands, either revealing valuable trade secrets to competitors or sharing incriminating company information with journalists. Facebook (now Meta Platforms) has had several high-profile data flows over the past few years, including when former staffer Frances Haugen passed a trove of sensitive documents to the Wall Street Journal and other outlets that led at a congressional hearing.

How Insider Leaks Threaten TikTok’s Business

TikTok’s decision to strengthen its own insider risk monitoring comes at a pivotal time for the company, when scrutiny of its business and data security practices is high.

In June, BuzzFeed News used leaked audio from 80 internal meetings to report that employees of TikTok’s parent company, ByteDance, had accessed some US TikTok user data in Beijing. The story sparked outrage from some in DC, leading to calls from members of Congress to investigate the use of company data and an FCC commissioner to ask that it be purely and simply banned from app stores.

“One of [TikTok’s] The key elements are building trust with their users, and I think anytime you have leaks or whatever, that will impact reputational risk,” said Cybersecurity Recruiter Bryan Kirby. at the executive search firm Kirby Partners. “When you think about information security, the number one attack vector is employees. 60% of data breaches are the result of insider threats.”

Leaks to journalists are just one of many high-stakes vulnerabilities that TikTok’s security team faces when considering insider risk, experts told Insider.

With over a billion monthly users worldwide, TikTok has cemented its place as a top contender in the social media and entertainment category. The company’s differentiating features, such as its content discovery algorithm, are likely prime targets for those looking to disrupt or compete with its business. The app could also be a target for foreign actors looking to gain influence, or hackers aiming to sell TikTok’s proprietary data on the dark web.

“TikTok is such a target,” said Deidre Diamond, founder and CEO of CyberSN, a job marketplace and cybersecurity recruitment company. “All it takes is one disgruntled employee to wreak havoc.”

TikTok declined to comment on the filing regarding its security job openings. A spokesperson referred Insider to a July blog post by Vice President of Public Policy Michael Beckerman where the executive pointed out that TikTok downplays the number of people who have access to certain data and that it implements a “robust series of controls, safeguards like certain data encryption, and authorization approval protocols overseen by our US-based security team.”

Are you a TikTok employee with ideas to share? Do you have any advice? Contact Dan Whateley at dwhateley@insider.com using a non-work device. For secure messaging via Signal, send a Twitter DM to @dwhate.

Leave a Reply