Application Security Engineer Graduate (TikTok) - 2026 Start (BS/MS)

ion is infinite at TikTok.

Successful candidates must be able to commit to an onboarding date by end of year 2026. Please state your availability and graduation date clearly in your resume.

Candidates can apply to a maximum of two positions and will be considered for jobs in the order you apply. The application limit is applicable to TikTok and its affiliates' jobs globally. Applications will be reviewed on a rolling basis - we encourage you to apply early.

Job Responsibilities
As a Graduate Application Security Engineer, you will be at the forefront of our efforts to embed security into the entire product lifecycle. You will work alongside various engineering teams to secure our applications, from design to deployment. Your responsibilities will include:

1. Assisting in the design and execution of security assessments, including code reviews, penetration testing, and threat modeling for web and mobile applications.
2. Design and develop security tooling to identify vulnerabilities and optimise the product security review process.
3. Perform architecture and design reviews to ensure that our applications are implemented to the highest security and privacy standards, thus maintaining and enhancing user trust.
4. Work closely with software engineering teams to provide security guidance and co-design complex production systems.
5. Discover security issues that appear under new threat scenarios, support incident response, forensics, remediation in a cross-functional environment driving towards incident resolution.

Qualifications

Minimum Qualifications

1. Final year or recent graduate with a background in Computer Science, Cybersecurity, Software Engineering, or a related technical discipline.
2. Experience in writing and reviewing code in at least two of the following programming languages: Kotlin, Swift, TypeScript, Go, Python, Rust.
3. Solid knowledge and understanding in various disciplines: web application security, mobile app security, network security, applied cryptography. You're expected to be familiar with at least one of these areas.
4. Familiarity with common security risks, including their principles, attack and defense strategies, and systematic governance and construction approaches.
5. Self-driven and capable of coping with ambiguity and applying theoretical concepts in practice.
6. Demostrate interest in cybersecurity.
7. Strong problem-solving skills and excellent debugging / troubleshooting skills.

Preferred Qualifications

1. CTF players, live competitions and hacking events experience.
2. CVEs such as remote code execution are preferred.
3. BugBounty experience with reputable statistics in HackerOne, BugCrowd etc.

By submitting an application for this role, you accept and agree to our global applicant privacy policy, which may be accessed here: https://careers.tiktok.com/legal/privacy
If you have any questions, please reach out to us at [email protected]