Security Strategy, Risk, and Resilience (SRR) Senior Third Party Security Monitoring Specialist
Responsibilities
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us - whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop - GSO protects their data and privacy, so they can have a secure and trustworthy experience.
The Security Strategy, Risk, and Resilience team is responsible for working closely with cross-functional partners to manage security risks to ensure we meet all industry cybersecurity compliance standards and government regulations through developing governing policies, implementing the security control framework, conducting security risk and control assessments, and staying up-to-date on global compliance initiatives.
This role is for a strategic and hands-on cybersecurity practitioner who will be a key player in securing TikTok's vendor integrations and technical connections. You'll move beyond procedural reviews to directly validate, monitor, and secure how third parties connect to our platforms and data. Your work will ensure integrations are safe, resilient, and do not expand TikTok's attack surface.
If you are a curious, technically strong, and collaborative security professional who thrives at the intersection of architecture and resilience, this role is for you. We are looking for someone who can balance deep technical expertise with strategic foresight, driving impact across engineering, procurement, and security teams.
As the Third Party Security Monitoring Specialist, you will be responsible for:
- Secure Integration Design: Review, validate, and architect secure technical integrations with third-party vendors, including APIs, network tunnels, and cloud configurations
- Continuous Monitoring: Implement and integrate automated monitoring for network logs and configurations
Want more jobs like this?
Get jobs in Washington, DC delivered to your inbox every week.
- Resilience Validation: Ensure vendor integrations are redundant, recoverable, and aligned with TikTok's business continuity and cybersecurity resilience standards
- Risk Mitigation at Scale: Identify and remediate integration risks early in the vendor lifecycle (pre-onboarding, post-onboarding, and during ongoing operations)
- Collaboration & Enablement: Work closely with Procurement, Legal, IT, and business units to embed security into the procurement process and ensure secure third-party operations
Qualifications
Minimum Qualification(s):
- Deep technical knowledge of API security, network integrations, cloud configurations, and identity/access management
- Strong technical background in cloud platforms (AWS, GCP, Azure) and securing cloud-native integrations
- Proficiency in conducting technical and procedural security assessments. You know what to look for and can articulate complex security issues to both technical and non-technical audiences
- Strong project management skills with a proven ability to manage multiple projects simultaneously, meet deadlines, and work effectively with diverse teams
- Ability to articulate complex security risks and recommendations clearly and concisely to leadership and stakeholders
- Deep understanding of how cybersecurity impacts business operations. You can connect technical risks to business outcomes
- Ability to work a hybrid schedule from the Washington, D.C. TikTok Office at least 3 times a week
Preferred Qualification(s)
- 5 years of hands-on experience in cybersecurity, with proven expertise in network traffic monitoring, threat detection, and security engineering across diverse environments
- Experience in the technology industry
- Relevant industry certifications such as CISSP, CISM, CISA, CRISC, or similar
- A bachelor's degree in a relevant field (e.g., Cybersecurity, Computer Science, Information Systems) or equivalent practical experience
- Experience with GRC (Governance, Risk, and Compliance) platforms and automation tools used for third-party risk management
- A solid understanding of cloud security principles (e.g., AWS, Azure, GCP) and how they apply to third-party risk
Perks and Benefits
Health and Wellness
- Health Insurance
- Dental Insurance
- Vision Insurance
- HSA
- Life Insurance
- Fitness Subsidies
- Short-Term Disability
- Long-Term Disability
- On-Site Gym
- Mental Health Benefits
- Virtual Fitness Classes
Parental Benefits
- Fertility Benefits
- Adoption Assistance Program
- Family Support Resources
Work Flexibility
- Flexible Work Hours
- Hybrid Work Opportunities
Office Life and Perks
- Casual Dress
- Snacks
- Pet-friendly Office
- Happy Hours
- Some Meals Provided
- Company Outings
- On-Site Cafeteria
- Holiday Events
Vacation and Time Off
- Paid Vacation
- Paid Holidays
- Personal/Sick Days
- Leave of Absence
Financial and Retirement
- 401(K) With Company Matching
- Performance Bonus
- Company Equity
Professional Development
- Promote From Within
- Access to Online Courses
- Leadership Training Program
- Associate or Rotational Training Program
- Mentor Program
Diversity and Inclusion
- Diversity, Equity, and Inclusion Program
- Employee Resource Groups (ERG)
Company Videos
Hear directly from employees about what it is like to work at TikTok.