Responsibilities

The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates. Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience. SecOps Validation Team (STOV) is responsible for the tools and technologies that support the TikTok infrastructure. STOV oversees technical validation, security operations, and drives engineering enhancements, including the deployment, configuration, and maintenance of security technologies across various domains. This role is responsible for the design and development of security architecture and the implementation of technical controls, and validating them in alignment with security policies and regulatory requirements. Key validation areas include enterprise security at TikTok and securing the full-stack security lifecycle. This position plays a critical role in establishing a foundational framework to assess and advance the maturity of TikTok’s security architecture. The role will also maintain and evolve security architectures across enterprise systems, endpoints, email infrastructure, data centers, networks, and CDN environments, enabling continuous validation and enhancement of security maturity. RESPONSIBILITIES - Define measurable technical security controls for the enterprise security environment based on common global frameworks. The enterprise security environment includes employee laptops, email technologies, and common office building computing resources such as conference room tech, local servers, and IoT devices. - Conduct technical security validation to simulate real-world attack scenarios and validate the effectiveness of detection and response controls. - Design and implement technical validations of technical security controls in the enterprise security environment using existing infrastructure and utilities, or supplement with additional technologies as required. - Design, develop, and evolve enterprise-wide security architectures aligned, security frameworks with TikTok's global security strategy to support scalable and secure deployments.. - Work with cross-functional teams to identify control gaps and assist those teams with plans for remediation.

Qualifications

Minimum Qualifications: - Strong expertise in enterprise laptop technologies (Mac and Windows), with an ability to balance security and user experience. - Hands-on experience with security tooling and technologies (e.g., SIEM, EDR, WAF, DLP, firewalls, VPN, CASB). - Strong understanding of threat modeling, risk assessment methodologies, and security validation techniques. - Experience with Breach-and-Attack Simulation (BAS) frameworks and tools in large-scale environments with knowledge of EDR evasion techniques and post-exploitation methodologies. - Excellent communication and stakeholder management skills across technical and non-technical teams. - Familiarity with at least one programming or scripting language (e.g., Python, Java, Go, Bash, C/C++), with strong debugging skills. - Ability to work in office 5 days a week Preferred Qualifications: - 5+ years of experience in cybersecurity with a focus on enterprise and infrastructure security engineering and architecture. - Bachelor's degree in a relevant technical field or security certifications (e.g., OSCP, CRTO, CISSP, CEH, CCSP). - Experience in large-scale, global enterprises or fast-paced tech environments. - Knowledge of policy-as-code or continuous security control validation platforms. - Broad familiarity across a wide range of security domains beyond enterprise security, including email security, application security, IoT, and other critical areas of the security stack. - Knowledge of automation and validation techniques, such as policy-as-code or continuous control validation platforms.

Job Information