Penetration Tester - USDS (Multiple Positions)

About TikTok U.S. Data Security
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security (“USDS”) is a subsidiary of TikTok in the U.S. This new, security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and U.S. user data, so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS that deliver on this commitment daily span across Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more.

Why Join Us
Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible.
Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day.
We strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company.
Every challenge is an opportunity to learn and innovate as one team. We're resilient and embrace challenges as they come.
By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our company, and our users.
When we create and grow together, the possibilities are limitless.
Join us.

About the Team
Our team plays a crucial role in ensuring the company’s success. We seek people who are willing to learn and put in the effort to solve problems. Our challenges are not your regular day-to-day problems - you’ll be part of a team that’s developing new solutions to new challenges. It’s working fast, at scale, and we’re making a difference. We are looking for talents to join us on this exciting journey!

Responsibilities
Conduct security penetration testing to assess and validate the security posture of cloud infrastructures, networks, containers, web applications, mobile applications, and their backend web services.
Collaborate with a team of security professionals to enhance existing service offerings and improve security testing capabilities.
Perform hands-on technical testing to identify vulnerabilities, including OWASP top 10 risks, across various platforms.
Develop and modify custom tools to address emerging security needs.
Establish relationships with engineering teams to promote and drive security maturity across the organization.
Execute comprehensive exploitation operations in Windows, Linux, and MacOS environments to simulate real-world attacks.
Prepare detailed technical reports and presentations tailored to both technical and executive audiences.
Communicate findings, risks, and recommended strategies to key stakeholders, including technical teams, executive leadership, and legal counsel.
Conduct innovative research on emerging security threats and solutions, fostering a culture of innovation and knowledge sharing.
Perform in-depth testing of web applications, mobile applications, and networks, including penetration testing and source code reviews.
Utilize attacker methodologies and tools to analyze vulnerabilities and security risks.
Integrate static and dynamic application security testing into automated security testing processes to ensure continuous monitoring and improvement of application security.