Lead Vulnerability Management Specialist
Singapore, Singapore
TikTok is the leading destination for short-form mobile video. At TikTok, our mission is to inspire creativity and bring joy. TikTok's global headquarters are in Los Angeles and Singapore, and its offices include New York, London, Dublin, Paris, Berlin, Dubai, Jakarta, Seoul, and Tokyo.
Why Join Us
Creation is the core of TikTok's purpose. Our products are built to help imaginations thrive. This is doubly true of the teams that make our innovations possible. Together, we inspire creativity and enrich life - a mission we aim towards achieving every day. To us, every challenge, no matter how ambiguous, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always. At TikTok, we create together and grow together. That's how we drive impact-for ourselves, our company, and the users we serve. Join us.
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience.
The Lead Vulnerability Engineer is tasked with the day to day activities of the Vulnerability Management Team. They schedule, conduct, and regularly review vulnerabilities, analyzing for key risks and escalating where needed. They should be aware of current policies and procedures and ensure they are being followed properly. The Lead Vulnerability Engineer should have hands on experience with vulnerability management tools and be able to mentor and advise other team members.
Responsibilities:
Vulnerability Assessment
- Thoroughly review, evaluate and validate vulnerability reports received from security researchers, vendors, or internal sources to determine their legitimacy and impact on our applications. Evaluate vulnerabilities based on severity and reduce false positives
- Provide expert guidance and recommendations to development teams on how to effectively remediate/patch vulnerabilities, including code changes, configuration adjustments, and best practices in secure coding
Documentation and Reporting:
- Develop processes and document procedures for use by other team members and to enhance efficiencies
- Maintain regular communication with Vulnerability Management Lead and organizational management for collaboration, process optimization, tools tuning, and information sharing
Security Awareness Training:
- Promote security awareness within the organization by conducting training sessions, sharing insights on emerging threats, and fostering a culture of security consciousness
Scripting Coding & Automation:
- Develop scripts, plugins, or integrations to automate repetitive tasks and streamline workflows
- Develop custom tools or applications to address specific automation needs within the vulnerability management process
- Write and maintain scripts (e.g., Python, PowerShell) to automate vulnerability scanning, analysis, and remediation activities
Compliance & Audit Support:
- Participate in audits and assessments to validate vulnerability management processes
- Implement controls to address compliance requirements related to vulnerabilities
- Assist in the preparation of security reports for compliance and audit purposes
Why Join Us
Creation is the core of TikTok's purpose. Our products are built to help imaginations thrive. This is doubly true of the teams that make our innovations possible. Together, we inspire creativity and enrich life - a mission we aim towards achieving every day. To us, every challenge, no matter how ambiguous, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always. At TikTok, we create together and grow together. That's how we drive impact-for ourselves, our company, and the users we serve. Join us.
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience.
The Lead Vulnerability Engineer is tasked with the day to day activities of the Vulnerability Management Team. They schedule, conduct, and regularly review vulnerabilities, analyzing for key risks and escalating where needed. They should be aware of current policies and procedures and ensure they are being followed properly. The Lead Vulnerability Engineer should have hands on experience with vulnerability management tools and be able to mentor and advise other team members.
Responsibilities:
Vulnerability Assessment
- Thoroughly review, evaluate and validate vulnerability reports received from security researchers, vendors, or internal sources to determine their legitimacy and impact on our applications. Evaluate vulnerabilities based on severity and reduce false positives
- Provide expert guidance and recommendations to development teams on how to effectively remediate/patch vulnerabilities, including code changes, configuration adjustments, and best practices in secure coding
Documentation and Reporting:
- Develop processes and document procedures for use by other team members and to enhance efficiencies
- Maintain regular communication with Vulnerability Management Lead and organizational management for collaboration, process optimization, tools tuning, and information sharing
Security Awareness Training:
- Promote security awareness within the organization by conducting training sessions, sharing insights on emerging threats, and fostering a culture of security consciousness
Scripting Coding & Automation:
- Develop scripts, plugins, or integrations to automate repetitive tasks and streamline workflows
- Develop custom tools or applications to address specific automation needs within the vulnerability management process
- Write and maintain scripts (e.g., Python, PowerShell) to automate vulnerability scanning, analysis, and remediation activities
Compliance & Audit Support:
- Participate in audits and assessments to validate vulnerability management processes
- Implement controls to address compliance requirements related to vulnerabilities
- Assist in the preparation of security reports for compliance and audit purposes
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
2
0
0
Category:
Leadership Jobs
Tags: Audits Automation Compliance PowerShell Privacy Python Scripting Vulnerabilities Vulnerability management
Region:
Asia/Pacific
Country:
Singapore
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Information Security Officer jobsInformation System Security Officer jobsInformation Security Manager jobsSenior Cybersecurity Engineer jobsInformation Security Specialist jobsSenior Cloud Security Engineer jobsSenior Network Security Engineer jobsIT Security Engineer jobsCyber Security Specialist jobsSystems Administrator jobsSecurity Consultant jobsSystems Engineer jobsSenior Information Security Analyst jobsChief Information Security Officer jobsIT Security Analyst jobsSecurity Specialist jobsSenior Cyber Security Engineer jobsInformation System Security Officer (ISSO) jobsSenior Penetration Tester jobsInformation Systems Security Engineer jobsThreat Intelligence Analyst jobsStaff Security Engineer jobsCyber Threat Intelligence Analyst jobsSecurity Operations Analyst jobsCyber Security Architect jobs
CI/CD jobsKubernetes jobsGDPR jobsJava jobsEDR jobsRMF jobsSaaS jobsForensics jobsSplunk jobsIDS jobsDoDD 8570 jobsSQL jobsIPS jobsIntrusion detection jobsBash jobsSDLC jobsActive Directory jobsThreat detection jobsCompTIA jobsITIL jobsGIAC jobsFinance jobsCRISC jobsClearance Required jobsOWASP jobs