Privacy Engineer (Validation) - PDPO (Singapore)
TikTok is the leading destination for short-form mobile video. At TikTok, our mission is to inspire creativity and bring joy. TikTok's global headquarters are in Los Angeles and Singapore, and its offices include New York, London, Dublin, Paris, Berlin, Dubai, Jakarta, Seoul, and Tokyo.
Why Join Us
Creation is the core of TikTok's purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible. Together, we inspire creativity and bring joy - a mission we all believe in and aim towards achieving every day. To us, every challenge, no matter how difficult, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always. At TikTok, we create together and grow together. That's how we drive impact - for ourselves, our company, and the communities we serve. Join us.
The Privacy and Data Protection Office (PDPO) Org is responsible for leading, supervising, and empowering all of TikTok’s privacy work in an accountable and industry-leading way. The PDPO team has particular expertise in privacy risks and passionately consults across the company to implement proper safeguards and technical mitigations that ensure our users’ privacy is respected across all of TikTok’s products and platforms.
TikTok's Privacy & Data Protection Organization is expanding our Privacy Validation and Detection Engineering (VaDE) Team. TikTok's Privacy VaDE Team is responsible for validating potential privacy gaps, developing robust detections to enable continuous privacy monitoring, and providing technical engineering support during urgent incident & inquiry response efforts.
As a Privacy Engineer on the VaDE team, you will play a crucial role in protecting the privacy of our global user base. This role involves triaging and analyzing security & privacy reports submitted by researchers, ensuring compliance with regulations such as GDPR, identifying privacy incidents, and coordinating with incident responders and the legal team.
Responsibilities
- Perform tests on suspected privacy vulnerabilities to validate the presence of a vulnerability and gather evidence to support remediation efforts.
- Assist in privacy-related incident and inquiry response efforts by performing technical investigations on privacy incidents, identifying root causes, and recommending mitigation and remediation actions to prevent future occurrences.
- Work closely with development and product teams to incorporate privacy best practices into the design and development of new products and features. Advocate for "privacy by design" principles to embed privacy considerations throughout the product development lifecycle.
- Collaborate with legal and compliance teams to maintain and improve privacy policies and procedures.
- Maintain detailed records of privacy assessments, testing, detections, and related activities. Generate regular reports for management and stakeholders, providing insights on privacy risks.
- Stay up-to-date with global privacy regulations, such as GDPR, CCPA, or other relevant data protection laws. Ensure our organization's practices align with applicable privacy laws and standards.
- Support the development of practices, processes, mechanisms, and documentation for the above activities, both internally and within working groups.
Qualifications
Minimum Qualifications:
- Experience with Penetration Testing or Red Team exercises.
- Familiarity with common web security concepts, including OWASP Top 10.
- Expertise in various security disciplines such as web application security, mobile app security, and cloud security.
- Excellent understanding of data handling processes, data flows, and data lifecycle management.
- Familiarity with core privacy concepts such as data minimization, purpose limitation, data sovereignty, transparency, and data retention.
- Effective communication skills to interact with technical and non-technical stakeholders.
Preferred Qualifications:
- Have contributed to the security or privacy community, such as conducting public research, blogging, giving presentations, participating in bug bounties, CVEs, etc.
- At least 2 years of work experience with scripting languages and/or software development.
- Experience implementing or assessing the implementation of GDPR, CCPA, or equivalent privacy regulation.
- Familiarity with privacy-enhancing technologies and data anonymization techniques.
- Relevant certifications in privacy and data protection (e.g., CIPP/E, CIPM, CIPT, OSCP) are a plus.
- Experience with security testing tools such as Burp Suite.
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
