Global Security Architect at ByteDance in Washington, DC

As a Security Architect, you will be part of the team responsible for the architecture of ByteDance’s global information & cyber security posture worldwide. In this role, you will be working with the cross functional teams to develop ByteDance’s globally converged technological security strategy, which will in turn; drive the future security roadmap for ByteDance’s enterprise protection model, product security protection programs and go-to-market platform protection models. You will tactically implement the strategic direction you helped defined by the Head of Global Security Architecture.

You will collaboratively provide evaluations, analyses, troubleshooting, and guidance related to system, network, application and security architectures. As a team member, you will develop security guidance, best practices, and general corporate security standards for on-premise and Cloud security reference architectures. You will also perform security reviews, and traceable security services. Additionally, you may perform Threat Modeling, analyzing security events and incidents to improve technical maturity & rigor.

The preferred candidate will be responsible for supporting these efforts in collaboration with the Head of GSA and the rest of the team for ByteDance worldwide across a broad set of security disciplines providing an integrated security ecosystem to deter, detect, defend, and respond to business impacting security, operational security, privacy, and risk issues. The candidate must have skills in conducting technical analysis of security and business problems, as well as threats, incidents, investigations, workforce protection and other general security related issues. The candidate must also have the ability to communicate well, participate in coordinating response and defensive actions over a variety of security disciplines, and disseminate technical information as appropriate in support of ByteDance’s critical business, go to market, and operational infrastructure needs.

Tasks and Responsibilities:

• Implement Global Security Architectural Standards, Design Patterns, Reference Architectures, Sub-Domain Strategies and Roadmaps, which will be used to define the security principles and constructs in which all ByteDance product sets and IT infrastructure will be designed with to incorporate consistent and appropriate security measures, controls, and protections

• Provide a point of view for security solutions that can be impacted by new technologies (cloud, mobility, virtualization), and business drivers (M&A, new business models)

• Develop an integrated security fabric that enables a global threat, risk, privacy, and protection architecture across multiple go to market, enterprise, and operating platforms

• Support the design and implementation of technical security programs (people, process, and technology) to mitigate security threats and risks that may impact the business through a holistic global program-oriented approach

• Work with the business and divisional security leadership to design and build operational protection platforms globally that enable, enhance, and extend ByteDance’s ability to service and protect our customers/users’ needs and interests

• Assess, document and implement mitigation strategies for newly discovered threats or vulnerabilities that may impact the company as part of a security incident

• Interact with users to define system requirements and/or necessary modifications to new or existing software in support of security requirements

• Interface with usability team to ensure user-facing privacy controls are usable

Qualifications

Minimum Qualifications

• Bachelors’ Degree or industry equivalent work experience in international security architecture and engineering in a converged security program

• CISSP certification and 3-5 years applicable experience

• Candidates should be an expert in Windows, *nix environments, Cloud Platforms (GCP and AWS preferred) as well as Kubernetes/Docker

• Advanced understanding of TCP/IP and network communications

• Advanced systems and network administration skills

• Advanced proficiency in designing, deploying and maintaining security architectures in enterprise class organizations

• Advanced proficiency in computer security incident handling and the Advanced Persistent Threats

• In depth knowledge of computer security forensics and security vulnerabilities

• Excellent analytical and problem-solving skills

• Excellent communication skills (verbal and written), ability to influence without authority

• Ability to balance risks in ambiguous and complex situations

• Demonstrated teamwork and collaboration skills, in particular in contributing to global and multi-functional teams

• Highly motivated to contribute and grow within a complex area of emerging importance

• Experience or understanding of software applications design tools and languages

• Understanding of design for software applications running on multiple platforms

• Understanding of testing, coding and debugging procedures

• Demonstrated working knowledge of software engineering fundamentals and Dev/Sec/Ops practices

• Competent in the interpretation of numeric data and understanding of statistical principles

• Demonstrates excellent organizational direction, time management, problem-solving, prioritization, goal setting, leadership, motivation, negotiation, and interpersonal relations

• Works well under pressure and within time/budget constraints to solve problems or meet objectives

• Excellent fundamental knowledge of industry standard security frameworks

• Strong analytical/problem solving skills and cross functional knowledge across multiple IT operational and security disciplines

• Ability to communicate technical concepts to a broad range of technical and non-technical staff

• Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change

Preferred Qualifications

• One or more programming/scripting languages (e.g., C++, Perl, Java, Python, etc.)

• In depth knowledge in the use of databases for reporting (SQL language)

• Working knowledge of the applications of Artificial Intelligence in security

• GCIH, GCIA, or CISSP

• Preferred candidate will have the ability to obtain a US Government Secret Security Clearance