Sr. Security Validation Speciaist - Enterprise to Edge Security, Global Security Organization

Sr. Security Validation Specialist – Enterprise to Edge Security, Global Security Organization

2 days ago Be among the first 25 applicants

The mission of Tik Tok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep Tik Tok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the Tik Tok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever Tik Tok operates.

Trust is one of Tik Tok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on Tik Tok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience.

Sec Ops Validation Team (STOV) is responsible for the tools and technologies that support the Tik Tok infrastructure. STOV oversees technical validation, security operations, and drives engineering enhancements, including the deployment, configuration, and maintenance of security technologies across various domains.

This role is responsible for the design and development of security architecture and the implementation of technical controls, and validating them in alignment with security policies and regulatory requirements. Key validation areas include enterprise security at Tik Tok and securing the full‑stack security lifecycle. This position plays a critical role in establishing a foundational framework to assess and advance the maturity of Tik Tok’s security architecture.

The role will also maintain and evolve security architectures across enterprise systems, endpoints, email infrastructure, data centers, networks, and CDN environments, enabling continuous validation and enhancement of security maturity.

• Define measurable technical security controls for the enterprise security environment based on common global frameworks. The enterprise security environment includes employee laptops, email technologies, and common office building computing resources such as conference room tech, local servers, and IoT devices.
• Conduct technical security validation to simulate real-world attack scenarios and validate the effectiveness of detection and response controls.
• Design and implement technical validations of technical security controls in the enterprise security environment using existing infrastructure and utilities, or supplement with additional technologies as required.
• Design, develop, and evolve enterprise-wide security architectures aligned with security frameworks with Tik Tok's global security strategy to support scalable and secure deployments.
• Work with cross‑functional teams to identify control gaps and assist those teams with plans for remediation.

• Strong expertise in enterprise laptop technologies (Mac and Windows), with an ability to balance security and user experience.
• Hands‑on experience with security tooling and technologies (e.g., SIEM, EDR, WAF, DLP, firewalls, VPN, CASB).
• Strong understanding of threat modeling, risk assessment methodologies, and security validation techniques.
• Experience with Breach‑and‑Attack Simulation (BAS) frameworks and tools in large‑scale environments with knowledge of EDR evasion techniques and post‑exploitation methodologies.
• Excellent communication and stakeholder management skills across technical and non‑technical teams.
• Familiarity with at least one programming or scripting language (e.g., Python, Java, Go, Bash, C/C++), with strong debugging skills.
• Ability to work in office 5 days a week.

• 5+ years of experience in cybersecurity with a focus on enterprise and infrastructure security engineering and architecture.
• Bachelor's degree in a relevant technical field or security certifications (e.g., OSCP, CRTO, CISSP, CEH, CCSP).
• Experience in large‑scale, global enterprises or fast‑paced tech environments.
• Knowledge of…