Privacy Engineer (Validation) - PDPO (Singapore)

TikTok

4.5

(6)

Singapore

Why you should apply for a job to TikTok:

  • 4.5/5 in overall job satisfaction
  • 4.5/5 in supportive management
  • 100% say women are treated fairly and equally to men
  • 100% would recommend this company to other women
  • 100% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Employee well-being is supported via hybrid work, short-term counseling through our EAP and a premium subscription to Headspace.
  • We embrace diversity across all dimensions and provide employees with 9 employee resource groups globally, including our WOMEN ERG.
  • Comprehensive parental leave policy as well as fertility treatment through healthcare providers with a $20,000 lifetime maximum.
  • #7262366660786669882

    Position summary

    us.

    The Privacy and Data Protection Office (PDPO) Org is responsible for leading, supervising, and empowering all of TikTok's privacy work in an accountable and industry-leading way. The PDPO team has particular expertise in privacy risks and passionately consults across the company to implement proper safeguards and technical mitigations that ensure our users' privacy is respected across all of TikTok's products and platforms.
    TikTok's Privacy & Data Protection Organization is expanding our Privacy Validation and Detection Engineering (VaDE) Team. TikTok's Privacy VaDE Team is responsible for validating potential privacy gaps, developing robust detections to enable continuous privacy monitoring, and providing technical engineering support during urgent incident & inquiry response efforts.
    As a Privacy Engineer on the VaDE team, you will play a crucial role in protecting the privacy of our global user base. This role involves triaging and analyzing security & privacy reports submitted by researchers, ensuring compliance with regulations such as GDPR, identifying privacy incidents, and coordinating with incident responders and the legal team.

    Responsibilities

    • Perform tests on suspected privacy vulnerabilities to validate the presence of a vulnerability and gather evidence to support remediation efforts.
    • Assist in privacy-related incident and inquiry response efforts by performing technical investigations on privacy incidents, identifying root causes, and recommending mitigation and remediation actions to prevent future occurrences.
    • Work closely with development and product teams to incorporate privacy best practices into the design and development of new products and features. Advocate for "privacy by design" principles to embed privacy considerations throughout the product development lifecycle.
    • Collaborate with legal and compliance teams to maintain and improve privacy policies and procedures.
    • Maintain detailed records of privacy assessments, testing, detections, and related activities. Generate regular reports for management and stakeholders, providing insights on privacy risks.
    • Stay up-to-date with global privacy regulations, such as GDPR, CCPA, or other relevant data protection laws. Ensure our organization's practices align with applicable privacy laws and standards.
    • Support the development of practices, processes, mechanisms, and documentations for the above activities, both internally and within working groups.

    Qualifications

    Minimum Qualifications:

    • Experience with Penetration Testing or Red Team exercises.
    • Familiarity with common web security concepts, including OWASP Top 10.
    • Expertise in various security disciplines such as web application security, mobile app security, and cloud security
    • Excellent understanding of data handling processes, data flows, and data lifecycle management.
    • Familiarity with core privacy concepts such as data minimization, purpose limitation, data sovereignty, transparency, and data retention
    • Effective communication skills to interact with technical and non-technical stakeholders.

    Preferred Qualifications:

    • Have contributed to the security or privacy community, such as conducting public research, blogging, giving presentations, participating in bug bounties, CVEs, etc.
    • At least 2 years of work experience with scripting languages and/or software development.
    • Experience implementing or assessing the implementation of GDPR, CCPA, or equivalent privacy regulation.
    • Familiarity with privacy-enhancing technologies and data anonymization techniques.
    • Relevant certifications in privacy and data protection (eg, CIPP/E, CIPM, CIPT, OSCP) are a plus.
    • Experience with security testing tools such as Burp Suite.

    TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

    #LI-DC4

    Why you should apply for a job to TikTok:

  • 4.5/5 in overall job satisfaction
  • 4.5/5 in supportive management
  • 100% say women are treated fairly and equally to men
  • 100% would recommend this company to other women
  • 100% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Employee well-being is supported via hybrid work, short-term counseling through our EAP and a premium subscription to Headspace.
  • We embrace diversity across all dimensions and provide employees with 9 employee resource groups globally, including our WOMEN ERG.
  • Comprehensive parental leave policy as well as fertility treatment through healthcare providers with a $20,000 lifetime maximum.