TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices, including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul, and Tokyo.   

The Global Security Organization provides industry leading security and privacy services to TikTok globally. Our organization uses four principles that guide our strategic and tactical operations. First, we champion trust and transparency, leading the charge in organizational transparency and execution of security and privacy capabilities that drive customer trust. Second, we are a business catalyst and enabler, embodying the DNA of technical innovation. Third, We drive risk informed and empowered decision making, giving our business leaders the information needed to make key decisions. Finally, we proactively identify and reduce risk while enabling innovative product development – to consistently build sustainable world-class security capabilities. 

As a part of the Red Team Operator team within the Business Operations team, you will be a part of the Security Operations team responsible for Enterprise Defense Operations and Platform Management, Hosting Platform Defense Operations, and Global Security Technology Operations. The Security Operations team's primary focus is management of security and defense platforms, technologies, tools, and services supporting security controls across TikTok's environments. Red Team conduct advanced adversary emulation operations to challenge assumptions and emulate cyber and criminal threat actors targeting or attacking the business.

As a Red Team member, you will participate in the design and execution of campaign-based security operations for Tiktok, spanning a varying array of targets. Successful team members must be capable of evaluating environments, applications, systems or processes to discover weaknesses, and subsequently leverage those discoveries into actionable real-world attack strategies.

To succeed in this role the candidate will possess breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programing. All red team members are expected to continuously improve their tradecraft through research, to add breadth and depth to their knowledge.

Responsibilities:
- Engagement in all phases of Red Team security operations
- Work within the Red Team to perform physical exploitation, network exploitation and social engineering assessments against authorized targets
- Perform network reconnaissance and open source intelligence gathering
- Configure and safely utilize attack tools, tactics, and procedures against authorized Tiktok targets
- Develop scripts, tools, or methodologies to enhance Tiktok's red teaming capabilities
- Help to execute the Red Team strategy to further enhance Tiktok 'ssecurity posture
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Fluent and proficient in English to enable delivery of verbal and written reports and presentations to both technical and executive audiences
- Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations
- Provide guidance to advance the defensive capabilities of the Business Operations team and its subsequent ability to defend the Tiktok
- Understand business processes, internal control risk management, IT controls and related standards
- Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
- Understand clients' business environment and basic risk management approaches
- Build and nurture positive working relationships with internal clients with the intention to exceed their expectations

- Relevant, recent and verifiable experience in information security and adversary simulation
- Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services sector
- 3+ years’ experience in two or more of the following areas:
  - Network penetration testing and manipulation of network infrastructure
  - Web application penetration testing assessments
  - Email, phone, or physical social-engineering assessments
  - Developing, extending, or modifying exploits, shell code or exploit tools
  - Experience with Red, Blue, or Purple teaming exercises
- Experience in large scale information technology implementations and operations preferred
- Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We believe individuals shouldn't be disadvantaged because of their background or identity, but instead should be considered based on their strengths and experience. We are passionate about this and hope you are too.

TikTok is committed to providing reasonable accommodations during our recruitment process. If you need assistance or accommodation, please reach out to us at USCR@tiktok.com.