Penetration Tester - USDS (Multiple Positions)
San Jose, California, United States
About TikTok U.S. Data Security
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security (“USDS”) is a subsidiary of TikTok in the U.S. This new, security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and U.S. user data, so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS that deliver on this commitment daily span across Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more.
Why Join Us
Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible.
Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day.
We strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company.
Every challenge is an opportunity to learn and innovate as one team. We're resilient and embrace challenges as they come.
By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our company, and our users.
When we create and grow together, the possibilities are limitless.
Join us.
About the Team
Our team plays a crucial role in ensuring the company’s success. We seek people who are willing to learn and put in the effort to solve problems. Our challenges are not your regular day-to-day problems - you’ll be part of a team that’s developing new solutions to new challenges. It’s working fast, at scale, and we’re making a difference. We are looking for talents to join us on this exciting journey!
Responsibilities
Conduct security penetration testing to assess and validate the security posture of cloud infrastructures, networks, containers, web applications, mobile applications, and their backend web services.
Collaborate with a team of security professionals to enhance existing service offerings and improve security testing capabilities.
Perform hands-on technical testing to identify vulnerabilities, including OWASP top 10 risks, across various platforms.
Develop and modify custom tools to address emerging security needs.
Establish relationships with engineering teams to promote and drive security maturity across the organization.
Execute comprehensive exploitation operations in Windows, Linux, and MacOS environments to simulate real-world attacks.
Prepare detailed technical reports and presentations tailored to both technical and executive audiences.
Communicate findings, risks, and recommended strategies to key stakeholders, including technical teams, executive leadership, and legal counsel.
Conduct innovative research on emerging security threats and solutions, fostering a culture of innovation and knowledge sharing.
Perform in-depth testing of web applications, mobile applications, and networks, including penetration testing and source code reviews.
Utilize attacker methodologies and tools to analyze vulnerabilities and security risks.
Integrate static and dynamic application security testing into automated security testing processes to ensure continuous monitoring and improvement of application security.
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security (“USDS”) is a subsidiary of TikTok in the U.S. This new, security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and U.S. user data, so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS that deliver on this commitment daily span across Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more.
Why Join Us
Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible.
Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day.
We strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company.
Every challenge is an opportunity to learn and innovate as one team. We're resilient and embrace challenges as they come.
By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our company, and our users.
When we create and grow together, the possibilities are limitless.
Join us.
About the Team
Our team plays a crucial role in ensuring the company’s success. We seek people who are willing to learn and put in the effort to solve problems. Our challenges are not your regular day-to-day problems - you’ll be part of a team that’s developing new solutions to new challenges. It’s working fast, at scale, and we’re making a difference. We are looking for talents to join us on this exciting journey!
Responsibilities
Conduct security penetration testing to assess and validate the security posture of cloud infrastructures, networks, containers, web applications, mobile applications, and their backend web services.
Collaborate with a team of security professionals to enhance existing service offerings and improve security testing capabilities.
Perform hands-on technical testing to identify vulnerabilities, including OWASP top 10 risks, across various platforms.
Develop and modify custom tools to address emerging security needs.
Establish relationships with engineering teams to promote and drive security maturity across the organization.
Execute comprehensive exploitation operations in Windows, Linux, and MacOS environments to simulate real-world attacks.
Prepare detailed technical reports and presentations tailored to both technical and executive audiences.
Communicate findings, risks, and recommended strategies to key stakeholders, including technical teams, executive leadership, and legal counsel.
Conduct innovative research on emerging security threats and solutions, fostering a culture of innovation and knowledge sharing.
Perform in-depth testing of web applications, mobile applications, and networks, including penetration testing and source code reviews.
Utilize attacker methodologies and tools to analyze vulnerabilities and security risks.
Integrate static and dynamic application security testing into automated security testing processes to ensure continuous monitoring and improvement of application security.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
9
1
0
Category:
PenTesting Jobs
Tags: Application security Cloud DAST Governance Linux MacOS Monitoring OWASP Pentesting Privacy Vulnerabilities Windows
Region:
North America
Country:
United States
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Systems Administrator jobsInformation System Security Officer jobsSenior Security Analyst jobsSenior Cybersecurity Engineer jobsSecurity Operations Engineer jobsSenior Cloud Security Engineer jobsSenior Information Security Analyst jobsCyber Security Specialist jobsInformation Security Manager jobsSenior Product Security Engineer jobsSecurity Consultant jobsSenior Network Security Engineer jobsInformation System Security Officer (ISSO) jobsSenior Information Security Engineer jobsChief Information Security Officer jobsSenior Cyber Security Engineer jobsSecurity Specialist jobsInformation Systems Security Engineer jobsIT Security Engineer jobsCyber Threat Intelligence Analyst jobsSenior Software Engineer jobsSecurity Operations Analyst jobsNetwork Engineer jobsCybersecurity Specialist jobsSenior IT Auditor jobs
Security assessment jobsGDPR jobsTS/SCI jobsEDR jobsEncryption jobsSDLC jobsSplunk jobsThreat detection jobsTerraform jobsRMF jobsMalware jobsCompTIA jobsITIL jobsSQL jobsFinance jobsIDS jobsTop Secret jobsIPS jobsSOC 2 jobsOWASP jobsForensics jobsDocker jobsActive Directory jobsClearance Required jobsGIAC jobs
CRISC jobsOSCP jobsMITRE ATT&CK jobsIntrusion detection jobsDoDD 8570 jobsTCP/IP jobsAnsible jobsHIPAA jobsVPN jobsSOAR jobsZero Trust jobsCCSP jobsIT infrastructure jobsData Analytics jobsJavaScript jobsJira jobsBanking jobsUNIX jobsIndustrial jobsSOX jobsDNS jobsNIST 800-53 jobsKPIs jobsCISO jobsGCIH jobs