Responsibilities
Team Introduction
The Global Security Organization provides industry-leading cyber-security and business protection services to TikTok globally. Our organization employs four principles that guide our strategic and tactical operations. Firstly, we Champion Transparency & Trust by leading the charge in organizational transparency, prioritizing customer trust, and placing user needs first. Secondly, we aim to maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development. We constantly work towards a sustainable world-class security capability. Thirdly, we strive to be a Business Catalyst & Enabler by embodying the DNA of technical innovation and ensuring our Global Security operations are fast and agile. Finally, we Drive Empowered & Risk-Informed Decision Making by providing our leaders with the necessary information to make agile decisions based on risk. In order to enhance collaboration and cross-functional partnerships, our organization follows a hybrid work schedule that requires employees to work in the office for 3 days a week, as directed by their manager. We regularly review our hybrid work model, and the specific requirements may change at any time.
Want more jobs like this?
Get Software Engineering jobs in Singapore delivered to your inbox every week.
Overview
As part of the Threat Management, Incident Response & Investigation (TMIRI) team, you will join the Product Security Incident Response (ProdSecIR) team, supporting TikTok's Threat Detection and Response (TDR) team. ProdSecIR manages product security incidents, develops internal security initiatives, investigates and validates reported vulnerabilities.
Responsibilities
- Be the incident commander for product security related incidents when they occur.
- Analyze incidents to identify key issues and coordinate workstreams with global cross-functional teams for rapid resolution.
- Identify gaps in TikTok's defences and work with the relevant stakeholders to address them.
- Recommend best-practice security solutions and oversee remediation efforts with relevant teams.
- Validate product vulnerabilities and perform variant analysis to uncover related security weaknesses.
- Apply deep expertise in security vulnerabilities to strengthen product security.
- Conduct research and penetration testing to discover security gaps and potential exploits.
- Identify systemic vulnerabilities and drive remediation efforts with the appropriate teams.
- Utilize strong coding skills to develop and automate security tools, enhancing detection and protection mechanisms.
Qualifications
Minimum Qualification:
- Background in Computer Science, Computer Engineering, Information Systems or other STEM disciplines.
- Minimum 5 years experience in a similar role or in the vulnerability management space.
- Strong knowledge of some of these various disciplines: web application security, mobile app security, cloud security and thick client security.
- Deep understanding of security vulnerabilities, their exploitation methods, and best-practice mitigations.
- Hands-on experience with identifying and remediating common product security vulnerabilities.
Preferred Qualifications:
- Proficiency in Python or Golang, with expertise in regular expressions for security automation.
- Experience in reviewing and analyzing source code in at least one of the following languages: JavaScript (Node.js), Go, Python, Java, C++, or Rust.
- Familiarity with security frameworks, standards, and methodologies, including OWASP, secure coding guidelines, and industry best practices.
- Strong communication skills with the ability to collaborate across global teams.
- Preferred certifications - OSCP, OSCE³