Responsibilities
About the team
PDPO(Privacy and Data Protection Office) is the organization to lead, supervise, and empower all TikTok's privacy work in an accountable and industry leading way. This team is the expert in the landscape of privacy risks and passionate about consulting across the company on implementing the proper safeguards and technical mitigations to ensure that our users' privacy is honored across the TikTok's products and platforms.
What you'll do:
- Conduct in-depth technical assessments focused on finding privacy issues in internal and external facing systems, products, and services.
- Collaborate closely with engineering and product teams to integrate privacy-preserving security measures throughout the software development lifecycle (SDLC).
Want more jobs like this?
Get Software Engineering jobs in Singapore delivered to your inbox every week.
- Research and analyze emerging threats in privacy, proactively identifying mitigation strategies and testing methodologies to protect user data.
- Automate privacy-focused assessments through tooling, scripts, and frameworks to enhance scalability and efficiency.
- Support the development of practices, processes, mechanisms, and the documentation for these activities, both internally and with working groups.
Knowledge, Skills & Abilities:
- Strong Computer Science, Security engineering and Privacy engineering fundamentals
- Deep understanding of privacy engineering concepts (such as data minimization, anonymization, secure data processing)
- Strong foundation in penetration testing / red teaming
- Strong foundation in manual secure code review, with the ability to identify privacy vulnerabilities, security flaws, and data leakage risks in applications and services.
- Able to collaborate, prioritize duties, and work well on your own
- Excellent interpersonal and communication skills, with the ability to work cross-functionally with engineering, legal, and compliance teams.
Qualifications
Minimum Qualifications:
- 3+ years work experience in web security or data security
- Experience in Penetration Testing or Red Team exercises
- Strong ability to analyze complex systems for privacy risks and provide actionable privacy recommendations.
- Ability to understand and apply privacy foundational concepts
Preferred Qualifications:
- Experience making contributions to the security or privacy community, such as public research, blogging, presentations, bug bounties, CVEs, etc.
- Experience with common testing frameworks, such as the MITRE ATT&CK framework
- 2+ years work experience with scripting language including code maintenance and review
- Experience implementing or assessing the implementation of GDPR, CCPA, or equivalent privacy regulation
- Experience with tools used to perform Dynamic Application Security Testing (DAST) or Static Application Security Testing (SAST)
#LI-DC4