Job Description
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remain safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience.
We are looking for a Detection Analyst who enjoys solving security problems through software. In this role, you will build the systems, pipelines, and detection logic that turn threat intelligence into scalable detection capabilities for our partners.
This is a hands-on engineering position for someone who excels in coding and enjoys building production-quality solutions. You will work at the intersection of threat intelligence, data engineering, and detection development to operationalize intelligence into reliable tools, pipelines, and automated detections.
What You’ll Do
- Build Threat-Informed Detections: Design, implement, and maintain detection logic based on threat intelligence, attacker behaviors, fraud patterns, and abuse trends.
- Develop Production-Grade Pipelines & Tooling: Write clean, maintainable code to collect, ingest, normalize, enrich, and serve data used for detections and investigations.
- Turn Intelligence into Engineering Outputs: Translate threat reports, indicators, and behavioral patterns into scalable detection content, enrichment workflows, and monitoring logic.
- Improve Detection Quality: Measure detection performance, tune logic, reduce noise, and improve coverage through data-driven iteration.
- Build Internal Tools: Create services, scripts, workflows, or lightweight applications that help analysts and investigators search, analyze, and act on threat data more efficiently.
- Collaborate Cross-Functionally: Partner with Threat Intelligence, Security Engineering, Product, and business teams to design, validate, and deploy detection capabilities into production.