TikTok - Mountain View, CA
posted 4 days ago
As an Application Security Penetration Tester at TikTok's U.S. Data Security (USDS), you will play a crucial role in validating security controls around web resources and mobile applications, as well as their backend web services. This position is part of a new security-first division dedicated to enhancing data protection policies and content assurance protocols to ensure the safety of U.S. users. You will collaborate with a team of security testing professionals to improve existing service offerings and security testing capabilities, focusing on identifying vulnerabilities in both web and mobile applications, particularly those outlined by the OWASP Top Ten.

In this role, you will be expected to develop and modify custom tooling to address new security needs, build strong relationships with engineering teams to elevate TikTok's security posture, and conduct full exploitation operations in both Windows and Unix environments. You will also be responsible for creating comprehensive reports and presentations tailored for both technical and executive audiences, effectively communicating your findings and strategies to various stakeholders, including technical staff, executive leadership, and legal counsel.

Your work will involve innovative research and fostering an environment of knowledge sharing, as well as performing web application testing, mobile application testing, network penetration testing, and source code reviews. You will utilize various attacker tools, tactics, and procedures to analyze and identify vulnerabilities, and implement both static and dynamic security testing as part of an automated application security testing process. Additionally, you may be assigned other cybersecurity operational and project initiatives as needed.