Red Team Operator, Offensive Security Operations - USDS

- Engagement in all phases of Red Team security operations
- Work within the Red Team to perform physical exploitation, network exploitation and social engineering assessments against authorized targets
- Perform network reconnaissance and open source intelligence gathering
- Configure and safely utilize attack tools, tactics, and procedures against authorized TikTok targets
- Develop scripts, tools, or methodologies to enhance TikTok's red teaming capabilities
- Help to execute the Red Team strategy to further enhance TikTok's security posture
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Fluent and proficient in English to enable delivery of verbal and written reports and presentations to both technical and executive audiences
- Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations
- Provide guidance to advance the defensive capabilities of the Business Operations team and its subsequent ability to defend the TikTok
- Understand business processes, internal control risk management, IT controls and related standards
- Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
- Understand clients' business environment and basic risk management approaches
- Build and nurture positive working relationships with internal clients with the intention to exceed their expectations

Qualifications

Minimum Qualifications
- Bachelors' Degree or industry equivalent work experience in IT, Computer Engineering or a similar field
- Relevant, recent and verifiable experience in information security and adversary simulation
- Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services sector
- 5+ years experience in two or more of the following areas:
- Network penetration testing and manipulation of network infrastructure
- Web application penetration testing assessments
- Email, phone, or physical social-engineering assessments
- Developing, extending, or modifying exploits, shell code or exploit tools
- Experience with Red, Blue, or Purple teaming exercises
- Open to travel as the need arises to perform testing on-site e.g. Data centers, office locations etc. (Estimated Frequency: once per month)

Preferred Qualifications
- Experience in large scale information technology implementations and operations preferred
- Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN

Client-provided location(s): Washington, DC

Job ID: TikTok-7465046871184361735

Employment Type: OTHER

Posted: 2025-02-01T00:40:07