Responsibilities
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates. Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience. SecOps Validation Team (STOV) is responsible for the tools and technologies that support the TikTok infrastructure. STOV oversees technical validation, security operations, and drives engineering enhancements, including the deployment, configuration, and maintenance of security technologies across various domains. This role is responsible for the design and development of security architecture and the implementation of technical controls, and validating them in alignment with security policies and regulatory requirements. Key validation areas include enterprise security at TikTok and securing the full-stack security lifecycle. This position plays a critical role in establishing a foundational framework to assess and advance the maturity of TikTok’s security architecture. The role will also maintain and evolve security architectures across enterprise systems, endpoints, email infrastructure, data centers, networks, and CDN environments, enabling continuous validation and enhancement of security maturity. RESPONSIBILITIES - Define measurable technical security controls for the enterprise security environment based on common global frameworks. The enterprise security environment includes employee laptops, email technologies, and common office building computing resources such as conference room tech, local servers, and IoT devices. - Conduct technical security validation to simulate real-world attack scenarios and validate the effectiveness of detection and response controls. - Design and implement technical validations of technical security controls in the enterprise security environment using existing infrastructure and utilities, or supplement with additional technologies as required. - Design, develop, and evolve enterprise-wide security architectures aligned, security frameworks with TikTok's global security strategy to support scalable and secure deployments.. - Work with cross-functional teams to identify control gaps and assist those teams with plans for remediation.
Qualifications
Minimum Qualifications: - Strong expertise in enterprise laptop technologies (Mac and Windows), with an ability to balance security and user experience. - Hands-on experience with security tooling and technologies (e.g., SIEM, EDR, WAF, DLP, firewalls, VPN, CASB). - Strong understanding of threat modeling, risk assessment methodologies, and security validation techniques. - Experience with Breach-and-Attack Simulation (BAS) frameworks and tools in large-scale environments with knowledge of EDR evasion techniques and post-exploitation methodologies. - Excellent communication and stakeholder management skills across technical and non-technical teams. - Familiarity with at least one programming or scripting language (e.g., Python, Java, Go, Bash, C/C++), with strong debugging skills. - Ability to work in office 5 days a week Preferred Qualifications: - 5+ years of experience in cybersecurity with a focus on enterprise and infrastructure security engineering and architecture. - Bachelor's degree in a relevant technical field or security certifications (e.g., OSCP, CRTO, CISSP, CEH, CCSP). - Experience in large-scale, global enterprises or fast-paced tech environments. - Knowledge of policy-as-code or continuous security control validation platforms. - Broad familiarity across a wide range of security domains beyond enterprise security, including email security, application security, IoT, and other critical areas of the security stack. - Knowledge of automation and validation techniques, such as policy-as-code or continuous control validation platforms.
Job Information
About TikTok
TikTok is the leading destination for short-form mobile video. At TikTok, our mission is to inspire creativity and bring joy. TikTok's global headquarters are in Los Angeles and Singapore, and we also have offices in New York City, London, Dublin, Paris, Berlin, Dubai, Jakarta, Seoul, and Tokyo.
Why Join Us
Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day.
We strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. Every challenge is an opportunity to learn and innovate as one team. We're resilient and embrace challenges as they come. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our company, and our users. When we create and grow together, the possibilities are limitless. Join us.
Diversity & Inclusion
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
