Product Security Validation Architect - Global Security Organisation

Responsibilities

Team Introduction:
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.

Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us - whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop - GSO protects their data and privacy, so they can have a secure and trustworthy experience.

Security Tools Operations and Validation team's responsibilities include designing and implementing IT security solutions that address the organization's needs, assessing risks and vulnerabilities, and developing strategies to mitigate them, validation of security technical controls.

The role will be responsible for architecture design and optimization, red team validation, metric operation for TikTok Product Security This role will use the solid experience in cybersecurity and architecture to implement the deep cyber defense technology for TikTok. Pushing remediation of current GAPs in Secure SDLC is another important function. This role will lead the team to push cross functional teams fixing issues of Secure SDLC. This role will lead cross functional teams to implement best practice of Secure SDLC in the company. This role will be responsible for TikTok's maturity in Secure SDLC domain.

Responsibilities:
- Define and validate product security technical controls, design the automation validation architecture
- Work with XFN teams to implement Security by Design and shift-left technical security controls. Define and enforce secure architecture standards and patterns to prevent common security issues, pushing implementation in product and developers
- Accountable for end-to-end solutions to complex SDLC issues, lead the effort of technical coordination and evaluation of remediation.

Qualifications

Minimum Qualifications:
- A bachelor's (master's preferred) degree in computer science, information technology, cybersecurity, or a related field is usually required.
- Strong understanding of Secure SDLC with best practice in industry
- Strong experience in Cybersecurity technologies, including penetration tests, security assessment, familiarity with SAST, DAST, SCA security tools etc