TikTok - Los Angeles, CA
posted 3 days ago
As an Application Security Penetration Tester at TikTok's U.S. Data Security (USDS), you will play a crucial role in validating security controls around web resources, mobile applications, and their backend services. This position is part of a new security-first division dedicated to enhancing data protection policies and content assurance protocols to ensure the safety of U.S. users. Your work will involve collaborating with a team of security testing professionals to improve existing service offerings and security testing capabilities. You will conduct hands-on technical testing focused on identifying vulnerabilities, particularly those outlined by the OWASP Top Ten, in both web and mobile applications.
In this role, you will be expected to possess a comprehensive understanding of various security domains, including operating systems, networking protocols, firewalls, databases, and middleware applications. You will also engage in continuous learning and research to enhance your skills and knowledge as part of the Offensive Security Operations team. The position requires a hybrid work schedule, where employees are expected to work in the office three days a week, fostering collaboration and cross-functional partnerships.
Your responsibilities will include developing and modifying custom tools to address new security needs, building relationships with engineering teams to advance TikTok's security posture, and conducting full exploitation operations in both Windows and Unix environments. You will also be responsible for creating detailed reports and presentations for both technical and executive audiences, communicating findings to stakeholders, and performing various types of security testing, including web application testing, mobile application testing, and network penetration testing. Additionally, you will utilize various attacker tools and techniques to analyze and identify vulnerabilities, implement security testing as part of an automated process, and contribute to other cybersecurity initiatives as assigned.