Tik Tok
Red Team Operator, Offensive Security Operations - USDS
Tik Tok, San Jose, California, United States, 95199
Red Team Operator, Offensive Security Operations - USDS
Hybrid work schedule applies: employees to work in the office 3 days a week, or as directed by their manager/department. The specific requirements may change as the hybrid model is reviewed. Responsibilities Engagement in all phases of Red Team security operations Work within the Red Team to perform physical exploitation, network exploitation and social engineering assessments against authorized targets Perform network reconnaissance and open source intelligence gathering Configure and safely utilize attack tools, tactics, and procedures against authorized TikTok targets Develop scripts, tools, or methodologies to enhance TikTok's red teaming capabilities Help to execute the Red Team strategy to further enhance TikTok's security posture Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel Fluent and proficient in English to enable delivery of verbal and written reports and presentations to both technical and executive audiences Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations Provide guidance to advance the defensive capabilities of the Business Operations team and its subsequent ability to defend the TikTok Understand business processes, internal control risk management, IT controls and related standards Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement Understand clients' business environment and basic risk management approaches Build and nurture positive working relationships with internal clients with the intention to exceed their expectations
Qualifications
Minimum Qualifications Bachelors Degree or industry equivalent work experience in IT, Computer Engineering or a similar field Relevant, recent and verifiable experience in information security and adversary simulation Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services sector 5+ years experience in two or more of the following areas: Network penetration testing and manipulation of network infrastructure Web application penetration testing assessments Email, phone, or physical social-engineering assessments Developing, extending, or modifying exploits, shell code or exploit tools Experience with Red, Blue, or Purple teaming exercises Open to travel as the need arises to perform testing on-site e.g. Data centers, office locations etc. (Estimated Frequency: once per month)
Preferred Qualifications
Experience in large scale information technology implementations and operations preferred Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
About USDS
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security ("USDS") is a subsidiary of TikTok in the U.S. This security-first division was created to bring heightened focus and governance to data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and U.S. user data, so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS span Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more. Data Security Statement
This role requires the ability to work with and support systems designed to protect sensitive data and information. As such, this role will be subject to strict national security-related screening. Why Join Us
Inspiring creativity is at the core of TikTok's mission. Our product is built to help people authentically express themselves, discover and connect. Our global, diverse teams make that possible. We strive to do great things with great people, lead with curiosity and humility, and embrace challenges as we grow. By fostering an "Always Day 1" mindset, we aim to achieve meaningful breakthroughs for ourselves, our company, and our users. Join us. USDS Reasonable Accommodation USDS is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://tinyurl.com/USDS-RA Job Information
Compensation: The base salary range for this position in the selected city is $118657 - $259200 annually. Compensation may vary outside of this range depending on factors including qualifications, skills, competencies and experience, and location. This role may be eligible for additional discretionary bonuses/incentives, and restricted stock units. Benefits include medical, dental, and vision insurance, a 401(k) with company match, paid parental leave, disability coverage, life insurance, wellbeing benefits, 10 paid holidays, 10 paid sick days, and 17 days Paid Personal Time (prorated on hire). #J-18808-Ljbffr
Hybrid work schedule applies: employees to work in the office 3 days a week, or as directed by their manager/department. The specific requirements may change as the hybrid model is reviewed. Responsibilities Engagement in all phases of Red Team security operations Work within the Red Team to perform physical exploitation, network exploitation and social engineering assessments against authorized targets Perform network reconnaissance and open source intelligence gathering Configure and safely utilize attack tools, tactics, and procedures against authorized TikTok targets Develop scripts, tools, or methodologies to enhance TikTok's red teaming capabilities Help to execute the Red Team strategy to further enhance TikTok's security posture Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel Fluent and proficient in English to enable delivery of verbal and written reports and presentations to both technical and executive audiences Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations Provide guidance to advance the defensive capabilities of the Business Operations team and its subsequent ability to defend the TikTok Understand business processes, internal control risk management, IT controls and related standards Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement Understand clients' business environment and basic risk management approaches Build and nurture positive working relationships with internal clients with the intention to exceed their expectations
Qualifications
Minimum Qualifications Bachelors Degree or industry equivalent work experience in IT, Computer Engineering or a similar field Relevant, recent and verifiable experience in information security and adversary simulation Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services sector 5+ years experience in two or more of the following areas: Network penetration testing and manipulation of network infrastructure Web application penetration testing assessments Email, phone, or physical social-engineering assessments Developing, extending, or modifying exploits, shell code or exploit tools Experience with Red, Blue, or Purple teaming exercises Open to travel as the need arises to perform testing on-site e.g. Data centers, office locations etc. (Estimated Frequency: once per month)
Preferred Qualifications
Experience in large scale information technology implementations and operations preferred Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
About USDS
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security ("USDS") is a subsidiary of TikTok in the U.S. This security-first division was created to bring heightened focus and governance to data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and U.S. user data, so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS span Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more. Data Security Statement
This role requires the ability to work with and support systems designed to protect sensitive data and information. As such, this role will be subject to strict national security-related screening. Why Join Us
Inspiring creativity is at the core of TikTok's mission. Our product is built to help people authentically express themselves, discover and connect. Our global, diverse teams make that possible. We strive to do great things with great people, lead with curiosity and humility, and embrace challenges as we grow. By fostering an "Always Day 1" mindset, we aim to achieve meaningful breakthroughs for ourselves, our company, and our users. Join us. USDS Reasonable Accommodation USDS is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://tinyurl.com/USDS-RA Job Information
Compensation: The base salary range for this position in the selected city is $118657 - $259200 annually. Compensation may vary outside of this range depending on factors including qualifications, skills, competencies and experience, and location. This role may be eligible for additional discretionary bonuses/incentives, and restricted stock units. Benefits include medical, dental, and vision insurance, a 401(k) with company match, paid parental leave, disability coverage, life insurance, wellbeing benefits, 10 paid holidays, 10 paid sick days, and 17 days Paid Personal Time (prorated on hire). #J-18808-Ljbffr