The Product Security Team at ByteDance is missioned to build infrastructures, platforms and technologies, as well as to support cross-functional teams to protect our users, products and infrastructures. In this team, you'll have a unique opportunity to have first-hand exposure to the strategy of the company in key security initiatives, especially in building scalable and secure-by-design systems and solutions. Our challenges are not your regular day-to-day technical problems; you'll be part of a team that's developing new solutions to new challenges of a kind not previously addressed by big tech. It's working fast, at scale, and we're making a difference.
Responsibilities
- Continuously conduct penetration testing to identify security vulnerabilities in the staging/production environment.
- To understand the key features and functionalities of various products in the company.
- To coordinate and make arrangements for security assessments with various product teams.
- To identify risks and actively take ownership to resolve any potential project issues.
- Conduct technical security review for any new products and feature requirements.
- Bring insight into all aspects of modern security issues to our products and rapidly developing prototypes for mitigations.
- Provide safety engineering support to product teams to help identify potential security flaws in early stages of SDLC.
- Collaborate closely with other parts of the security team and product teams to design defense-in-depth controls that limit attackers' ability and improve our security postures.
- Monitor and analyze emerging cyber threats, vulnerabilities, and exploits relevant to our infrastructure and products.
Qualifications
- BS/MS Degree in Computer Science, Software Engineer, or a related field.
- Good knowledge and understanding in various disciplines: web application security, mobile app security, network security, operating system internals and hardening, applied cryptography, cloud computing. You're expected to have advanced knowledge in at least one of these areas.
- Solid experience in writing and reviewing code in at least one of the following programming languages: JavaScript (Node JS), Go, Python, Java, C++, Rust.
- Strong analytical and evaluative thinking of security related problems.
- Good project management skills and focused teamwork.
Preferred:
- Experience in working with enterprise systems and SDLC-Security processes are preferred.
- Ability to take challenges, work independently or as a team, and be self-driven to learn new technologies.