TikTok

Lead Vulnerability Engineer

San Jose, CA

Responsibilities

TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Singapore, Jakarta, Seoul and Tokyo.

Why Join Us
Creation is the core of TikTok's purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible.
Together, we inspire creativity and bring joy - a mission we all believe in and aim towards achieving every day.
To us, every challenge, no matter how difficult, is an opportunity: to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always.
At TikTok, we create together and grow together. That's how we drive impact - for ourselves, our company, and the communities we serve.

Join us.

The Global Security Organization provides industry-leading cyber-security and business protection services to TikTok globally. Our organization employs four principles that guide our strategic and tactical operations. Firstly, we Champion Transparency & Trust by leading the charge in organizational transparency, prioritizing customer trust, and placing user needs first. Secondly, we aim to maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development. We constantly work towards a sustainable world-class security capability. Thirdly, we strive to be a Business Catalyst & Enabler by embodying the DNA of technical innovation and ensuring our Global Security operations are fast and agile. Finally, we Drive Empowered & Risk-Informed Decision Making by providing our leaders with the necessary information to make agile decisions based on risk.

The Lead Vulnerability Engineer is tasked with the day-to-day activities of the Vulnerability Management Team. They schedule, conduct, and regularly review vulnerability scans, analyzing for key risks and escalating where needed. They should be aware of current policies and procedures and ensure they are being followed properly. The Lead Vulnerability Engineer should have hands-on experience with vulnerability management tools and be able to mentor and advise other team members.

Tasks and Responsibilities:
Vulnerability Assessment:
- Thoroughly review, evaluate and validate vulnerability reports received from security researchers, vendors, or internal sources to determine their legitimacy and impact on our applications. Evaluate vulnerabilities based on severity and reduce false positives
- Provide expert guidance and recommendations to development teams on how to effectively remediate/patch vulnerabilities, including code changes, configuration adjustments, and best practices in secure coding
- Stay updated on the latest cybersecurity threats and vulnerabilities
- Integrate threat intelligence into vulnerability management processes
- Analyze threat data to identify potential risks and recommend proactive measures
Security Tool Management:
- Manage and configure vulnerability scanning tools and other security technologies
- Optimize tool configurations to maximize accuracy and efficiency
Documentation and Reporting:
- Develop processes and document procedures for use by other team members and to enhance efficiencies
- Maintain regular communication with Vulnerability Management Lead and organizational management for collaboration, process optimization, tools tuning, and information sharing
- Generate regular reports on vulnerability status, remediation progress, and key metrics
Security Awareness Training:
- Promote security awareness within the organization by conducting training sessions, sharing insights on emerging threats, and fostering a culture of security consciousness
Scripting, Coding & Automation:
- Develop scripts, plugins, or integrations to automate repetitive tasks and streamline workflows
- Develop custom tools or applications to address specific automation needs within the vulnerability management process
- Write and maintain scripts (e.g., Python, PowerShell) to automate vulnerability scanning, analysis, and remediation activities
- Coordinate and communicate with cross-functional teams throughout the VM lifecycle
Compliance & Audit Support:
- Participate in audits and assessments to validate vulnerability management processes
- Implement controls to address compliance requirements related to vulnerabilities

Qualifications

Minimum Qualifications:
- Bachelor's Degree or industry equivalent work experience in vulnerability management in a security program
- Approximately 5-7 years of applicable experience
- Knowledge of common vulnerabilities and remediation steps (e.g., OWASP Top 10, Patch Management).
- Relevant certifications such as CISSP, CEH, or equivalent are a plus.
- Hands-on operational experience with vulnerability management tools (e.g. Qualys, Nexpose) including the ability to deploy, configure, and run these tools
- Knowledge of vulnerability scoring systems (e.g. CVSSv3)
- Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions.
- Ability to handle large datasets and perform vulnerability analysis
- Ability to work alongside other security functions to determine vulnerability scoring and impact
- Ability to examine issues both strategically and analytically
- Ability to work collaboratively in a team environment
- Strong communication skills, both written and verbal, for effective collaboration with development teams
- Strong analytical and problem-solving skills
- Detail-oriented and organized, with follow-up skills and an analytical thought process
- Project management experience

Preferred Qualifications:
- CISSP, CISM, or equivalent certification
- Familiarity with vulnerability management across SaaS and IaaS cloud platforms (e.g., AWS, Google Cloud, etc.)
- Working knowledge/experience with Python, SQL and REST APIs
- Ability to handle ambiguity and collaborate with a global team
- Ability to coach junior staff and contractors

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at gprd.accommodations@tiktok.com

#LI-Hybrid

Job Information

[For Pay Transparency] Compensation Description (annually)

The base salary range for this position in the selected city is $118800 - $269800 annually.

Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.

Our company benefits are designed to convey company culture and values, to create an efficient and inspiring work environment, and to support our employees to give their best in both work and life. We offer the following benefits to eligible employees:

We cover 100% of the premium for employee medical insurance and approximately 75% of the premium for dependents, and offer a Health Savings Account (HSA) with a company match, as well as Dental, Vision, Short/Long term Disability, Basic Life, Voluntary Life and AD&D insurance plans, in addition to Flexible Spending Account (FSA) options like Health Care, Limited Purpose and Dependent Care.

Our time off and leave plans are: 10 paid holidays per year plus 17 days of Paid Personal Time Off (PPTO) (prorated upon hire and increased by tenure) and 10 paid sick days per year as well as 12 weeks of paid Parental leave and 8 weeks of paid Supplemental Disability.

We also provide generous benefits like mental and emotional health benefits through our EAP and Lyra, a 401K company match, and gym and cellphone service reimbursements. The Company reserves the right to modify or change these benefits programs at any time, with or without notice.

Client-provided location(s): San Jose, CA, USA
Job ID: TikTok-7327300383575197990
Employment Type: Other

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • HSA
    • Life Insurance
    • Fitness Subsidies
    • Short-Term Disability
    • Long-Term Disability
    • On-Site Gym
    • Mental Health Benefits
    • Virtual Fitness Classes
  • Parental Benefits

    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
  • Work Flexibility

    • Flexible Work Hours
    • Hybrid Work Opportunities
  • Office Life and Perks

    • Casual Dress
    • Snacks
    • Pet-friendly Office
    • Happy Hours
    • Some Meals Provided
    • Company Outings
    • On-Site Cafeteria
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Personal/Sick Days
    • Leave of Absence
  • Financial and Retirement

    • 401(K) With Company Matching
    • Performance Bonus
    • Company Equity
  • Professional Development

    • Promote From Within
    • Access to Online Courses
    • Leadership Training Program
    • Associate or Rotational Training Program
    • Mentor Program
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program
    • Employee Resource Groups (ERG)
