TikTok's Privacy and Data Protection Office (PDPO) is seeking to address privacy risks and ensure user data protection across its platforms by assessing and strengthening the data protection system.
Requirements
- Experience with web system penetration testing, vulnerability research and data privacy understanding, the ability to complete vulnerability finding and verification independently
- Understanding of common web application framework architecture, cloud service architecture and data storage system architecture, have practical penetration experience on actual web system or data protection system
- Experience with common testing frameworks and tools to perform security testing (e.g. Burp Suite, sqlmap, any kind of SAST or DAST tools)
- Coding experience in one of the programming languages for more than 5 years : Golang、python、Java、C/C++
- 5+ years work experience in web security or data security
- Public research or paper in privacy or security communities and conferences
- Public CVEs owners, bug bounty hall of fame nomination
Responsibilities
- Privacy and security assessment on TikTok's data protection system to find both privacy and security issues that can affect user's data
- Build data protection system threat model to summarise the overall data leakage risks and help engineering teams to strengthen the protection system
- Advanced privacy and security topics research
Other
- B.S. or M.S. in Computer Science or relevant certification
- Top winners of famous CTF competition
