Infrastructure Security Operation and Validation Architect - Global Security Organisation
TikTok.com
Office
San Jose, California, United States
Full Time
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience.
The GSO provides industry-leading security and privacy services to Bytedance, guided by four principles: trust and transparency, business enablement, risk-informed decision-making, and proactive risk reduction. We strive to build sustainable, world-class security capabilities.
SecOps Validation Team (STOV) is responsible for the tools and technologies that support the TikTok infrastructure. STOV oversees technical validation, security operations, and drives engineering enhancements, including the deployment, configuration, and maintenance of security technologies across various domains.
The role will be responsible for design and development of Product Security technical controls required by security policy and regulations. The validation targets include product security of TikTok product family and Secure SDLC process. It will provide a solid foundation to evaluate maturity for TikTok product family and Secure SDLC. This role ensures product security governance is embedded into every stage of development, enabling scalable compliance while fostering collaboration across teams.
This role will focus on TikTok's global cloud and data center infrastructure. The team is responsible for administering security controls and implementing the validation across TikTok's hybrid-cloud environment, including native and 3rd party cloud environments, global datacenters, etc. The team partners with key stakeholders like IECS teams to design and implement the cloud and infrastructure security framework, establish security baselines, remediate cloud and infrastructure security vulnerabilities, administer and maintain security controls, and manage TikTok's multi-cloud services.
Responsibilities
- Lead the effort to define and implement TikTok's cloud and data center infrastructure security controls, in a global hybrid-cloud architecture
- Play a leading role in designing and implementing cloud and infrastructure security control validation frameworks and automation
- Enable the team to optimize TikTok's infrastructure security posture
- Working with TikTok related stakeholders to define the right priorities in cloud security
- Review and assess utilization of cloud security tooling, improve cloud and infrastructure security tool operation cost and efficiency.
- Using validation frameworks: find control gaps, develop and report cloud and infrastructure security metrics and drive remediation plans to bridge any gaps.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience.
The GSO provides industry-leading security and privacy services to Bytedance, guided by four principles: trust and transparency, business enablement, risk-informed decision-making, and proactive risk reduction. We strive to build sustainable, world-class security capabilities.
SecOps Validation Team (STOV) is responsible for the tools and technologies that support the TikTok infrastructure. STOV oversees technical validation, security operations, and drives engineering enhancements, including the deployment, configuration, and maintenance of security technologies across various domains.
The role will be responsible for design and development of Product Security technical controls required by security policy and regulations. The validation targets include product security of TikTok product family and Secure SDLC process. It will provide a solid foundation to evaluate maturity for TikTok product family and Secure SDLC. This role ensures product security governance is embedded into every stage of development, enabling scalable compliance while fostering collaboration across teams.
This role will focus on TikTok's global cloud and data center infrastructure. The team is responsible for administering security controls and implementing the validation across TikTok's hybrid-cloud environment, including native and 3rd party cloud environments, global datacenters, etc. The team partners with key stakeholders like IECS teams to design and implement the cloud and infrastructure security framework, establish security baselines, remediate cloud and infrastructure security vulnerabilities, administer and maintain security controls, and manage TikTok's multi-cloud services.
Responsibilities
- Lead the effort to define and implement TikTok's cloud and data center infrastructure security controls, in a global hybrid-cloud architecture
- Play a leading role in designing and implementing cloud and infrastructure security control validation frameworks and automation
- Enable the team to optimize TikTok's infrastructure security posture
- Working with TikTok related stakeholders to define the right priorities in cloud security
- Review and assess utilization of cloud security tooling, improve cloud and infrastructure security tool operation cost and efficiency.
- Using validation frameworks: find control gaps, develop and report cloud and infrastructure security metrics and drive remediation plans to bridge any gaps.