Application Security Vulnerability Management - USDS

Application Security Vulnerability Management - USDS Responsibilities About TikTok U.S. Data SecurityTikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security ("USDS") is a subsidiary of TikTok in the U.S. This new, security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. The Application Security Compliance Specialist plays a crucial role in validating vulnerability reports from third parties and collaborating with development teams to remediate findings. This role is an excellent opportunity to join a growing team and have an impact on a truly global scale. Responsibilities: Vulnerability Validation: Thoroughly review and validate vulnerability reports received from third-party security researchers, vendors, or internal sources to determine their legitimacy and impact on our applications. Collaborative Remediation: Work closely with cross-functional development teams, including software engineers and system administrators, to prioritize and facilitate the remediation of identified vulnerabilities in a timely manner. Recommendation and Guidance: Provide expert guidance and recommendations to development teams on how to effectively remediate vulnerabilities, including code changes, configuration adjustments, and best practices in secure coding. Documentation: Maintain accurate records of all vulnerability reports, assessments, and remediation efforts, ensuring clear documentation of findings and resolutions. Security Awareness: Promote security awareness within the organization by conducting training sessions, sharing insights on emerging threats, and fostering a culture of security consciousness. Stay Current: Stay up-to-date with the latest security trends, threats, and best practices in application security, and incorporate this knowledge into security processes and procedures. Qualifications Minimum Qualifications: Proven experience as an Application Security Engineer or in a similar role. Proven ability to identify, analyze, and solve ambiguous problems. Strong problem-solving skills and excellent debugging / troubleshooting skills. In-depth knowledge of web application vulnerabilities (e.g., OWASP Top Ten) and common attack vectors. Experience with vulnerability assessment tools and penetration testing techniques. Proficiency in programming languages such as Python, Java, C/C++, Kotlin, Swift, TypeScript, Go, or Python. Strong communication skills, #J-18808-Ljbffr

Created: 2025-03-07