Responsibilities
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us - whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop - GSO protects their data and privacy, so they can have a secure and trustworthy experience.
Want more jobs like this?
Get jobs in Washington, DC delivered to your inbox every week.
SecOps Validation Team (STOV) is responsible for the tools and technologies that support the TikTok infrastructure. STOV oversees technical validation, security operations, and drives engineering enhancements, including the deployment, configuration, and maintenance of security technologies across various domains. The role will be responsible for design and development of Product Security technical controls required by security policy and regulations. The validation targets include product security of TikTok product family and Secure SDLC process. It will provide a solid foundation to evaluate maturity for TikTok product family and Secure SDLC. The role will operate and maintain the Large Language Model (LLM) product security validation system and knowledge base.
Responsibilities
- Responsible for optimizing and fine tuning of the output of AI driven product security validation platform, ensuring the outputs are safe, reliable, and policy-compliance
- Implement and improve prompt engineering of the AI validation platform, operating on filters to reduce hallucinations and mitigate error outputs
- Operate and maintain the AI-driven security requirement generation system to ensure high-quality output for product teams, define metrics and benchmarks to evaluate model output quality
- Expand and manage the security knowledge base, incorporating the latest threat intelligence, compliance standards, and security best practices.
- Validate system-generated requirements to ensure alignment with security best practices and compliance standards and TikTok specific security policies/standards
- Collaborate with AI/ML engineers to integrate domain-specific security knowledge into the model pipeline.
- Train and guide team members on security frameworks, standards, and tools.
Qualifications
Minimum Qualifications
- Hands-on experience with AI/ML operations and applications, with operational knowledge of large language models (LLMs) is a big plus
- Excellent problem-solving and analytical skills.
Preferred Qualifications
- Bachelor's or Master's degree in Computer Science, AI/ML, Cybersecurity, or related fields
- 3+ years of experience in cybersecurity technologies or operations, including areas such as penetration testing, secure SDLC, security development, compliance, and governance
- Familiarity with LLMs and techniques like fine tuning, and retrieval-augmented generation (RAG).
- Operation knowledge on vector databases and text embedding models
- Solid experience in data engineering workflows
- Proven experience in validating and operationalizing AI systems in a security context.
- Experience creating and maintaining expert knowledge bases
- Strong experience in risk management and compliance standards for AI-driven products
- Certifications such as CISSP, CSSLP, CEH, or equivalent.