Vulnerability Management and Bug Bounty Senior Analyst

TikTok


New York, NY

Why you should apply for a job to TikTok:

  • 4.5/5 in overall job satisfaction
  • 4.5/5 in supportive management
  • 100% say women are treated fairly and equally to men
  • 100% would recommend this company to other women
  • 100% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Employee well-being is supported via hybrid work, short-term counseling through our EAP and a premium subscription to Headspace.
  • We embrace diversity across all dimensions and provide employees with 9 employee resource groups globally, including our WOMEN ERG.
  • Comprehensive parental leave policy as well as fertility treatment through healthcare providers with a $20,000 lifetime maximum.
  • #A172264

    Position summary

    des industry-leading cyber-security and business protection services to TikTok globally. Our organization employs four principles that guide our strategic and tactical operations. Firstly, we Champion Transparency & Trust by leading the charge in organizational transparency, prioritizing customer trust, and placing user needs first. Secondly, we aim to maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development. We constantly work towards a sustainable world-class security capability. Thirdly, we strive to be a Business Catalyst & Enabler by embodying the DNA of technical innovation and ensuring our Global Security operations are fast and agile. Finally, we Drive Empowered & Risk-Informed Decision Making by providing our leaders with the necessary information to make agile decisions based on risk.

    The Vulnerability Management and Bug Bounty Senior Analyst is responsible for the day-to-day activities of the Vulnerability Management Team. They manage and continuously improve the external bug bounty program. They should be familiar with current policies and procedures and ensure they are followed properly. The senior analyst should have hands-on experience with vulnerability management tools and be able to mentor and advise other team members.

    Tasks and Responsibilities:

    • Develop and implement a comprehensive vulnerability management strategy for web and mobile applications.
    • Manage and continuously improve the external bug bounty program, including setting program scope, rules of engagement, and incentives for researchers to participate.
    • Triage reported vulnerabilities from the bug bounty program, prioritize them based on risk and impact assessments, and coordinate with internal development teams for timely resolution.
    • Regularly evaluate the performance and results of the bug bounty program, identify areas for improvement, and implement enhancements to mature the program over time.
    • Collaborate with external bug bounty platforms or vendors to ensure the program's effectiveness and efficiency.
    • Actively engage with external security researchers, fostering a collaborative relationship to encourage their participation in the bug bounty program and to facilitate effective communication throughout the vulnerability disclosure process.
    • Conduct manual verification of security issues identified through automated scans, manual tests or reported by external researchers to validate their severity and impact.
    • Collaborate with cross-functional teams to prioritize and address identified vulnerabilities based on risk and impact assessments.
    • Track and report on the status of vulnerability remediation efforts, including providing regular updates to stakeholders.
    • Stay informed about emerging security threats, industry best practices, and relevant regulations to continuously improve the effectiveness of our vulnerability management program.
    • Mentor and provide guidance to junior team members on vulnerability management processes and techniques.
    • Evaluate vulnerabilities based on prioritization criteria.
    • Investigate persistent vulnerabilities.
    • Coordinate and communicate with cross-functional teams throughout the VM lifecycle.
    • Facilitate exception handling and escalation.
    • Support regulatory compliance monitoring and reporting.
    • Review and optimize scan templates to ensure complete coverage of the environment.
    • Support treatment and remediation activities with identified points of contact and system owners.
    • Provide risk analysis for identified vulnerabilities and system change requests.
    • Develop processes and document procedures for use by other team members and to enhance efficiency.
    • Maintain regular communication with the Vulnerability Management Lead and organizational management for collaboration, process optimization, tool tuning, and information sharing.

    Qualifications

    Minimum Qualifications:

    • Hands-on experience with vulnerability assessment tools, penetration testing methodologies, and secure coding practices.
    • Experience managing external bug bounty programs and working with security researchers.
    • Strong understanding of web and mobile application security vulnerabilities, such as OWASP Top 10.
    • Excellent communication skills, with the ability to effectively collaborate with both technical and non-technical stakeholders.
    • Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions.
    • Ability to work alongside other security functions to determine vulnerability scoring and impact.
    • Strong analytical and problem-solving skills, and project management experience.

    Preferred Qualifications:

    • Bachelor's degree or industry-equivalent work experience in vulnerability management or application security testing.
    • 5 years of experience in vulnerability management, penetration testing, or related fields.
    • CISSP, CEH, OSCP, or equivalent certification.
    • Familiarity with vulnerability management across SaaS and IaaS cloud platforms (e.g., AWS, Google Cloud, etc.).
    • Working knowledge of or experience with Python, SQL and REST APIs.
    • Ability to handle ambiguity and collaborate with a global team.
    • Ability to coach junior staff and contractors.

    TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

    TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://shorturl.at/cdpT2

    Job Information

    [For Pay Transparency] Compensation Description (annually)

    The base salary range for this position in the selected city is $147,200 - $269,800 annually.

    Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.

    Our company benefits are designed to convey company culture and values, to create an efficient and inspiring work environment, and to support our employees to give their best in both work and life. We offer the following benefits to eligible employees:

    We cover 100% of the premium for employee medical insurance and approximately 75% of the premium for dependents, and offer a Health Savings Account (HSA) with a company match, as well as Dental, Vision, Short/Long Term Disability, Basic Life, Voluntary Life and AD&D insurance plans. In addition, we offer Flexible Spending Account (FSA) options such as Health Care, Limited Purpose and Dependent Care.

    Our time off and leave plans are: 10 paid holidays per year plus 17 days of Paid Personal Time Off (PPTO) (prorated upon hire and increased by tenure) and 10 paid sick days per year as well as 12 weeks of paid Parental leave and 8 weeks of paid Supplemental Disability.

    We also provide generous benefits such as mental and emotional health support through our EAP and Lyra, a 401(k) company match, and gym and cellphone service reimbursements. The Company reserves the right to modify or change these benefits programs at any time, with or without notice.
