Application Security Engineer- Global E-Commerce

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Lemon8, CapCut and Pico as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.

Inspiring creativity is at the core of ByteDance's mission. Our innovative products are built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and enrich life - a mission we work towards every day.

As ByteDancers, we strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our Company, and our users. When we create and grow together, the possibilities are limitless. Join us.

ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

As part of ByteDance's Security Department, Security BP team is not only responsible for the security and risk management of the Monetization business, but also plays an important role in connecting and building trust between the business and security team. Leveraging on various capabilities provided by the Security Department, we ensure the business and customer data are secured by providing high-quality services to the Monetization business, such as platform security, product security, business security and compliance governance.

• Provide security engineering support to product teams to help identify potential security flaws in the early stages of SDLC.
• Continuously design and conduct penetration testing to determine if infrastructure components, systems and applications meet security standards in the staging/production environment.
• Discover security issues that appear under new threat scenarios, support incident response, forensics, remediation in a cross-functional environment driving towards incident resolution.
• Collaborate closely with other parts of the security team and product teams to design defense-in-depth controls that limit attackers' ability and improve our security postures.
• To identify risks and actively take ownership to resolve any potential security project issues.
• Continuously conduct security research and strive to innovate.

• Background in Computer Science, Computer Engineering, Information Systems or other STEM disciplines.
• Strong knowledge in some of these various disciplines: web application security, mobile app security, cloud security and thick client security.
• Solid experience in writing and reviewing code in at least one of the following programming languages: JavaScript (Node JS), Go, Python, Java, C++, Rust.
• Good project management skills and focused teamwork.

• Experience in independent supporting the application security of a business line
• CTF players, BugBounty experience with reputable statistics in HackerOne, BugCrowd etc.