Tech Lead Manager - Vulnerability Research

Team Introduction
The Global Security Organization provides industry-leading cyber-security and business protection services to TikTok globally. Our organization employs four principles that guide our strategic and tactical operations. Firstly, we Champion Transparency & Trust by leading the charge in organizational transparency, prioritizing customer trust, and placing user needs first. Secondly, we aim to maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development. We constantly work towards a sustainable world-class security capability. Thirdly, we strive to be a Business Catalyst & Enabler by embodying the DNA of technical innovation and ensuring our Global Security operations are fast and agile. Finally, we Drive Empowered & Risk-Informed Decision Making by providing our leaders with the necessary information to make agile decisions based on risk. In order to enhance collaboration and cross-functional partnerships, our organization follows a hybrid work schedule that requires employees to work in the office for 3 days a week, as directed by their manager. We regularly review our hybrid work model, and the specific requirements may change at any time.

Responsibilities
- Lead a team of vulnerability researchers to scan, evaluate, and remediate attack surfaces to improve security postures
- Monitor and analyze emerging cyber threats, vulnerabilities, and exploits relevant to our infrastructure and products.
- Conduct research and analysis of reports from Bug Bounty program, stay up to date with current vulnerabilities, provide detailed risk analysis and potential impact
- Analyze, assess, compile, and prioritize vulnerabilities to document and communicate mitigation recommendations
- Collaborate with cross-functional software engineering teams in developing products and services for delivering security assurance.Minimum Qualification:
- Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, or other relevant majors.
- Passion and extremely self-motivated about security research, especially to discover real-world security problems, and addressing in-the-wild security threats. Deep understanding of vulnerability analysis and discovery as well as exploitation process and techniques.
- Knowledge of Common Vulnerabilities and Exposures (CVEs), cyber threats, and vulnerability mitigation strategies.
- Experience with Vulnerability Research
- Research experience in two or more of the following: threat intelligence, IAM, key management systems, data security, application security, web application and browser security, security protocols, operating system internals and hardening (e.g., Windows, Linux, OS X, Android), network security, vulnerability management, penetration testing, or applied cryptographic concepts.

Preferred Qualifications:
- Bachelor's degree in Cybersecurity, Computer Science, or a technical field (or equivalent work experience in related field
- Professional certifications in Cybersecurity (OSCP, GCIH, GREM, GNFA or other relevant certifications)
- Experience in working and investigating incidents in Cloud environments (e.g. AWS, GCP)
- Familiarity with container technologies such as Docker and Kubernetes
- A strong background in data science, AI, machine learning, and deep learning. Experience in applying AI technology to security domain is highly preferred.