Lead Vulnerability Engineer (Multiple Positions)

Responsibilities

About TikTok
TikTok is the leading destination for short-form mobile video. At TikTok, our mission is to inspire creativity and bring joy.
TikTok's global headquarters are in Los Angeles and Singapore, and we also have offices in New York City, London, Dublin, Paris, Berlin, Dubai, Jakarta, Seoul, and Tokyo.

Why Join Us
Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect - and our global, diverse teams make that possible.
Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day.
We strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company.
Every challenge is an opportunity to learn and innovate as one team. We're resilient and embrace challenges as they come.
By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our company, and our users.
When we create and grow together, the possibilities are limitless.
Join us.

About the Team
Our team plays a crucial role in ensuring the company's success. We seek people who are willing to learn and put in the effort to solve problems. Our challenges are not your regular day-to-day problems - you'll be part of a team that's developing new solutions to new challenges. It's working fast, at scale, and we're making a difference. We are looking for talents to join us on this exciting journey!

Responsibilities
Manage and improve vulnerability management processes by evaluating threats to IT systems, applications and software and continuously integrating threat intelligence to mitigate risks.
Coordinate and communicate with cross-functional teams throughout the Vulnerability Management (VM) lifecycle.
Manage day-to-day activities, including scheduling, conducting, and reviewing vulnerability scans, analyzing for key risks and facilitating exception handling and escalations.
Review, evaluate and validate vulnerability reports received from security researchers, vendors, or internal sources to assess their legitimacy and impact on internal applications.
Recommend to development teams proactive measures to remediate vulnerabilities, including code changes, configuration adjustments, and best practices in secure coding.
Develop custom tools or applications to automate repetitive tasks and streamline workflows.
Participate in audits and assessments to validate vulnerability management processes and implement controls to address compliance requirements.
Conduct training sessions and share insights on emerging threats to promote security awareness within the organization.
Stay updated about the latest cybersecurity threats and vulnerabilities.
Mentor junior-level team members.

Qualifications

Qualifications
Must have a Bachelor's degree or foreign equivalent degree in Computer Science, Engineering (any), Information Technology, Information Systems, Information Assurance, Network Security, Cybersecurity, or a related field, and 5 years of post-bachelor's, progressive related work experience.

Of the required experience, must have 5 years of experience in each of the following:
Designing enterprise-wide automated security processes and streamlining security operations including risk assessment and vulnerability management;
Performing and controlling vulnerability assessments to identify access control issues and conducting process awareness training;
Assessing current and emerging threats, cyberattacks, and zero-day vulnerabilities and recommending security controls and corrective actions to mitigate vulnerability risk;
Performing root cause analysis, testing solutions, and creating technical solutions documents to remediate vulnerabilities;
Deploying, configuring and running vulnerability management tool including Qualys or Nexpose;
Using vulnerability scoring system: (i) CVSSv3; (ii) EPSS; (iii) SSVC; or (iv) VPR; and
Experience with common vulnerabilities and remediation steps, including OWASP Top 10 and Patch Management.

Travel Requirement: Domestic travel required up to 5%.

Type: Full time, 40 hours/week
Location: Washington, DC
Salary Range: $179820 - $336960 per year

To Apply, click the apply button below. Contact lpresumes@tiktok.com if you have difficulty submitting resume through the website.

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://tinyurl.com/RA-request