Responsibilities
About TikTok U.S. Data Security
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security ("USDS") is a subsidiary of TikTok in the U.S. This new, security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and U.S. user data, so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS that deliver on this
commitment daily span across Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more.
Want more jobs like this?
Get jobs in New York, NY delivered to your inbox every week.
Why Join Us
Creation is the core of TikTok's purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible.
Together, we inspire creativity and bring joy - a mission we all believe in and aim towards achieving every day.
To us, every challenge, no matter how difficult, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always.
At TikTok, we create together and grow together. That's how we drive impact - for ourselves, our company, and the communities we serve.
Join us.
About the Team
Our team plays a crucial role in ensuring the company's success. We seek people who are willing to learn and put in the effort to solve problems. Our challenges are not your regular day-to-day problems - you'll be part of a team that's developing new solutions to new challenges. It's working fast, at scale, and we're making a difference. We are looking for talents to join us on this exciting journey!
Responsibilities
Build, develop, and maintain a team of cyber security practitioners to provide red teaming, penetration testing, code scanning, and vulnerability management services to the organization.
Develop Red Teaming, Penetration Testing, Code Scanning, and Vulnerability Management policies and procedures.
Develop continuous testing tools to evaluate the effectiveness of security and privacy controls.
Research and develop novel approaches for identifying susceptibility tools, tactics and techniques used by adversaries in the wild.
Validate security controls and incident response through offensive security operations.
Lead the team to enhance existing services offerings and security testing capabilities and conduct hands-on technical testing focused on detection and response that necessitates continuously customized tooling to avoid AV, EDR, and other defensive tools and technologies.
Apply security testing and penetration testing techniques and mindset to a wide range of projects, become part of a team of security enthusiasts that perform cutting-edge research, and promote an environment of innovation and knowledge-sharing.
Plan, coordinate, authorize, and execute threat intel informed, scenario based, red and purple team operations; both short and long duration.
Conduct full exploitation within multiple environments, including complex Active Directory and mixed Windows and nix environments.
Identify and communicate findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and legal counsel.
Qualifications
Qualifications
Must have a Master's degree in Computer Science, Engineering (any), Information Technology, Information Security, Cybersecurity, or a related field, and 6 years of related work experience; OR, a Bachelor's degree in Computer Science, Engineering (any), Information Technology, Information Security, Cybersecurity, or a related field, and 8 years of related work experience (of which 5 years must be progressive, post-baccalaureate experience).
Must have 3 years of experience in each of the following skills:
Leading and managing a medium-sized team of cyber security practitioners;
Conducting network vulnerability assessments, web application security testing, network penetration testing, and red teaming including cloud-based red team infrastructure creation and development;
Experience with Endpoint Detection and Response (EDR) evasion, email sandbox evasion, and network egress control evasion;
Experience with Active directory (AD) and Kerberos;
Experience with at least one of the following offensive tools/platforms: Kali Linux, Cobalt Strike, Metasploit, Covenant, Sliver, Bloodhound, Ghostpak, Nmap, Nessus, Zmap, Massscan, EyeWitness, or Burp Suite;
Experience with Adversary Emulation in at least one of the following domains: Cybersecurity incident handling, Advanced Persistent Threats, social engineering tactics, defensive tools and platforms, MITRE ATT&CK/D3FEND, or vulnerability tracking and remediation; and
Experience in at least one of the following programming languages/development tools: C/C++, C#, Java, Golang, .NET, VBscript, Javascript, Python, PowerShell, or Visual Studio.
Employer: TikTok U.S. Data Security Inc.
Type: Full time, 40 hours/week
Location: New York, NY
Salary Range: $255944 - $410000 per year
To Apply, click the apply button below. Contact lpresumes@tiktokusds.com if you have difficulty submitting resume through the website.
TikTok U.S. Data Security is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok U.S. Data Security, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
TikTok U.S. Data Security is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at lpresumes@tiktokusds.com
#LI-DNI
Job Information
[For Pay Transparency] Compensation Description (annually)
The base salary range for this position in the selected city is $255944 - $410000 annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.
Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).
The Company reserves the right to modify or change these benefits programs at any time, with or without notice.
For Los Angeles County (unincorporated) Candidates:
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment:
1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues;
2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and
3. Exercising sound judgment.