Application Security Compliance Specialist - USDS (New York)

New York, New York


Employer: TikTok
Industry: Security
Salary: Competitive
Job type: Full-Time

Responsibilities

TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security ("USDS") is a subsidiary of TikTok in the U.S. This new, security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and U.S. user data, so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS that deliver on this commitment daily span across Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more.

Creation is the core of TikTok's purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible.
Together, we inspire creativity and bring joy - a mission we all believe in and aim towards achieving every day.
To us, every challenge, no matter how difficult, is an opportunity: to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always.
At TikTok, we create together and grow together. That's how we drive impact - for ourselves, our company, and the communities we serve.
Join us.

The Application Security Compliance Specialist is tasked with validating and vetting core security practices for existing and new TikTok products and features. They work with a variety of cross-functional stakeholders to review products and features and integrate application security best practices as part of the SDLC process. This role requires strong appsec skills and holds excellent growth potential by touching many security domains such as risk and compliance, gap analysis, identity and access, and others.

Responsibilities:
- Perform security architecture design reviews
- Security analysis from an adversarial perspective using manual and automated tooling (Burp Suite, etc.)
- Manual and automated source code review
- Navigate novel situations to identify and mitigate risks
- Define security requirements to mitigate risks
- Build collaborative relationships with various stakeholders to ensure risks are identified early and managed appropriately
- Communicate complex topics with stakeholders/leadership in a non-technical manner

Qualifications

Minimum Qualifications:
- Advanced knowledge of security engineering, system and network security, authentication, and security protocols
- 5+ years of audit, compliance, and enterprise risk management experience
- Proven ability to identify, analyze, and solve ambiguous problems
- Hands-on security engineering experience such as penetration testing, source code review, design review, threat modeling, security mitigation development, or security tooling development

Preferred Qualifications:
- Solid experience in writing and reviewing code in at least two of the following programming languages: Kotlin, Swift, TypeScript, Go, or Python.
- Advanced knowledge and understanding in various disciplines: web application security, mobile app security, network security, operating system internals and hardening, applied cryptography, cloud computing. You're expected to be an expert in at least one of these areas.
- Strong problem-solving skills and excellent debugging / troubleshooting skills.

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://shorturl.at/ktJP6

This role requires the ability to work with and support systems designed to protect sensitive data and information. As such, this role will be subject to strict national security-related screening.

Created: 2024-06-05
Reference: A19413
Country: United States
State: New York
City: New York
ZIP: 10036

