Skip to main contentA logo with &quat;the muse&quat; in dark blue text.

Senior Privacy Engineer (RED team) - TikTok PDPO

5 days ago San Jose, CA

Responsibilities

About the team:
The Privacy and Data Protection Office (PDPO) leads, supervises, and empowers all of TikTok's privacy work in an accountable and industry-leading way. The team is the in-house expert on the privacy risk landscape and partners across the company to implement the safeguards and technical mitigations that ensure users' privacy is honored across TikTok's products and platforms.

The Global Privacy Red Team within PDPO is looking for a senior red team engineer who can operate independently from day one - driving complex assessments end-to-end, pioneering new techniques to surface privacy risks at scale, push the state of the art in offensive privacy testing and help TikTok continue to raise the bar on user privacy.

What you'll do:
- Threat model privacy concepts (consent, data sharing, data minimization, purpose limitation, retention, sovereignty, product privacy, etc.) into concrete adversarial scenarios, then design and execute red team engagements against those scenarios
- Conduct deep, hands-on technical assessments and penetration tests of internal and external-facing systems, products, and services, with a focus on bypassing user privacy expectations from the perspective of an external attacker
- Identify exploitable issues across the data lifecycle - how data flows internally between services and how it is shared with external parties - and demonstrate impact end-to-end.
- Research emerging privacy threats and attack techniques; develop new testing methodologies and abuse cases ahead of them landing in production.
- Partner with engineering and product teams to integrate privacy-preserving controls throughout the SDLC, and translate findings into actionable, prioritized remediation guidance.
- Research and analyze emerging threats in privacy, proactively identifying mitigation strategies and testing methodologies to protect user data.
- Help shape the practices, processes, and documentation that define how privacy red teaming is done at TikTok, both internally and with cross-functional working groups.
- Build tooling, scripts, and frameworks to scale privacy-focused assessments and automate recurring checks.

Knowledge, Skills & Abilities:
- Strong fundamentals in computer science, offensive security (especially appsec), security engineering, and privacy engineering.
- Ability to reason about privacy as an attacker: turning abstract concepts (consent, data sharing, minimization, retention) into concrete, testable abuse cases.
- Strong manual secure code review skills, with an eye for privacy-specific bugs in addition to traditional appsec issues.
- Comfortable working across heterogeneous stacks and unfamiliar codebases.
- Ability to operate independently, prioritize across competing engagements, and drive complex assessments to completion.
- Excellent written and verbal communication, with experience working cross-functionally with engineering, legal, and compliance partners.

Qualifications

Minimum Qualification(s):
- Hands-on experience as an offensive penetration tester / red teamer
- Demonstrated depth in application security, mobile security pentesting, red team exercises, APT simulations and cloud systems
- Experience performing manual secure code review on production codebases.
- Track record of leading complex technical assessments end-to-end as an individual contributor - threat modeling, scoping, executing, and technical reporting.
- Working knowledge of core privacy concepts such as data minimization, data sovereignty, data sharing, consent, and privacy policies, with the ability to translate them into security testing scenarios.
- Familiarity with major privacy regulations (e.g., GDPR, CCPA) and how they map to technical controls. Ability to understand and apply foundational privacy concepts in a security testing context.

Preferred Qualification(s):
- Strong working knowledge of privacy concepts such as data minimization, data sovereignty, data sharing, consent, and privacy policies - and the ability to threat model around them to find privacy-specific vulnerabilities.
- Deep understanding and experience with common offensive testing frameworks such as MITRE ATT&CK and proficiency in a scripting language for tooling, automation, and code review at scale.
- Visible contributions to the security or privacy community - public research, talks, blog posts, bug bounty findings, CVEs, OSS tooling, etc.

Job Information

[For Pay Transparency] Compensation Description (annually)

The base salary range for this position in the selected city is $212800 - $387600 annually.

Want more jobs like this?

Get Software Engineering jobs in San Jose, CA delivered to your inbox every week.

Job alert subscription


Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.

Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.

For Los Angeles County (unincorporated) Candidates:

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment:

1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues;

2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and

3. Exercising sound judgment.

Client-provided location(s): San Jose, CA
Job ID: TikTok-7657687234804664629
Employment Type: OTHER
Posted: 2026-07-03T00:51:40

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • HSA
    • Life Insurance
    • Fitness Subsidies
    • Short-Term Disability
    • Long-Term Disability
    • On-Site Gym
    • Mental Health Benefits
    • Virtual Fitness Classes
  • Parental Benefits

    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
  • Work Flexibility

    • Flexible Work Hours
    • Hybrid Work Opportunities
  • Office Life and Perks

    • Casual Dress
    • Snacks
    • Pet-friendly Office
    • Happy Hours
    • Some Meals Provided
    • Company Outings
    • On-Site Cafeteria
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Personal/Sick Days
    • Leave of Absence
  • Financial and Retirement

    • 401(K) With Company Matching
    • Performance Bonus
    • Company Equity
  • Professional Development

    • Promote From Within
    • Access to Online Courses
    • Leadership Training Program
    • Associate or Rotational Training Program
    • Mentor Program
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program
    • Employee Resource Groups (ERG)

Company Videos

Hear directly from employees about what it is like to work at TikTok.