Responsibilities
About the Team:
The Cyber Defense and Engineering team covers a broad spectrum within the security field, including red teaming, data loss prevention, and security operations. Our focus is on establishing security controls, identifying and addressing vulnerabilities, and providing insights into the security posture of TikTok USDS. Our mission is to develop and deploy technology to enable TikTok to build the most trusted product in our industry.
In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.
Want more jobs like this?
Get jobs in San Jose, CA delivered to your inbox every week.
Role Overview:
The SSDLC Specialist is tasked with collaborating across cross-functional teams to promote security and compliance best practices throughout the enterprise. They should be aware of current policies and procedures and ensure they are being followed properly. The specialist should have experience working with development teams to deliver secure products.
Responsibilities:
- Partnering with Developers and Global Security teams to review upcoming features and implement security best-practices
- Perform internal and external reviews to assess security maturity and assure that security principles are correctly applied
- Analyze review results to identify recommended security and supply chain management process improvements
- Interpret and implement applicable standards and regulations as they apply to products, processes, and practices
- Support regulatory compliance monitoring and reporting
- Support exception handling and escalation
Qualifications
Minimum Qualifications:
- Working knowledge/experience with Build and Deploy tooling and technologies (Maven, Artifactory, Jenkins, etc...)
- Working knowledge of vulnerability chaining techniques in web applications to maximize the impact of an attack and a basic understanding of encryption concepts
- Ability to describe inherent weaknesses in web technology and protocols to cross-functional audiences
- Ability to work alongside other security functions to determine vulnerability impact and appropriate mitigations
- Ability to examine issues both strategically and analytically.
- Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions.
- Strong analytical and problem-solving skills
Preferred Qualifications:
- CISSP, CISM, or equivalent certification
- Software development experience
- Familiarity with vulnerability management across SaaS and IaaS cloud platforms (e.g., AWS, Google Cloud, etc.)
- Working knowledge/experience with Python, SQL and REST APIs
- Ability to handle ambiguity and collaborate with a global team
- Ability to coach staff and contractors
Job Information
[For Pay Transparency] Compensation Description (annually)
The base salary range for this position in the selected city is $194000 - $355000 annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.
Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).
The Company reserves the right to modify or change these benefits programs at any time, with or without notice.
For Los Angeles County (unincorporated) Candidates:
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment:
1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues;
2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and
3. Exercising sound judgment.