Attack Surface Management Lead - Global

Responsibilities

About TikTok: TikTok is the leading destination for short-form mobile video. At TikTok, our mission is to inspire creativity and bring joy. TikTok's global headquarters are in Los Angeles and Singapore, with offices in New York, London, Dublin, Paris, Berlin, Dubai, Jakarta, Seoul, and Tokyo.

Creation is the core of TikTok's purpose. Our products are built to help imaginations thrive. Together, we inspire creativity and enrich life.

To us, every challenge, no matter how ambiguous, is an opportunity to learn, innovate, and grow as one team. At TikTok, we create together and grow together, driving impact for ourselves, our company, and the users we serve.

Team Introduction

The Global Security Organization provides industry-leading cyber-security and business protection services to TikTok globally. Our organization employs four principles that guide our strategic and tactical operations:

1. Champion Transparency & Trust by prioritizing customer trust and placing user needs first.
2. Maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development.
3. Be a Business Catalyst & Enabler by ensuring our Global Security operations are fast and agile.
4. Drive Empowered & Risk-Informed Decision Making by providing leaders with the necessary information for agile decision-making based on risk.

We follow a hybrid work schedule that requires employees to work in the office for 3 days a week, as directed by their manager. Responsibilities include:

• Lead a team of vulnerability researchers to scan, evaluate, and remediate attack surfaces to improve security postures.
• Monitor and analyze emerging cyber threats, vulnerabilities, and exploits relevant to our infrastructure and products.
• Conduct research and analysis of reports from the Bug Bounty program, stay up to date with current vulnerabilities, and provide detailed risk analysis and potential impact.
• Analyze, assess, compile, and prioritize vulnerabilities to document and communicate mitigation recommendations.
• Collaborate with cross-functional software engineering teams in developing products and services for delivering security assurance.

Qualifications

Minimum Qualification:

• Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, or other relevant majors.
• Passion and self-motivation for security research, especially in discovering real-world security problems and addressing in-the-wild security threats.

Deep understanding of vulnerability analysis and discovery, as well as exploitation processes and techniques:

• Knowledge of Common Vulnerabilities and Exposures (CVEs), cyber threats, and vulnerability mitigation strategies.
• Experience with Vulnerability Research.
• Research experience in two or more of the following: threat intelligence, IAM, key management systems, data security, application security, web application and browser security, security protocols, operating system internals and hardening (e.g., Windows, Linux, OS X, Android), network security, vulnerability management, penetration testing, or applied cryptographic concepts.

Preferred Qualifications:

• Bachelor's degree in Cybersecurity, Computer Science, or a technical field (or equivalent work experience).
• Professional certifications in Cybersecurity (OSCP, GCIH, GREM, GNFA, or other relevant certifications).
• Experience working and investigating incidents in Cloud environments (e.g., AWS, GCP).
• Familiarity with container technologies such as Docker and Kubernetes.
• A strong background in data science, AI, machine learning, and deep learning.

Experience in applying AI technology to the security domain is highly preferred. TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform