Red Team Engineer, Security Assurance

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Lemon8, CapCut and Pico as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.

Inspiring creativity is at the core of ByteDance's mission. Our innovative products are built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and enrich life - a mission we work towards every day.

As ByteDancers, we strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our Company, and our users. When we create and grow together, the possibilities are limitless. Join us.

ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

The Security Assurance Team is researching offensive and defensive technology and skills to continuously improve the company's fundamental security, data security, and business security levels. We strive to minimize the impact of 0-day vulnerabilities and incidents. Our team provides a range of security services, including SDLC, vulnerability management, extreme critical risks discovery, supply chain security, network defense, red teaming, underground market crackdown, threat detection, emergency response, threat intelligence, and information security investigation.

• Propose, plan, and execute Red Team Operations to determine if infrastructure components, systems and applications meet confidentiality, integrity, authentication, availability, authorisation, and nonrepudiation standards based on realistic threats to the organization.
• Maintain a deep understanding of ByteDance Enterprise Products, how they work, and how they could be attacked or abused.
• Conduct security exercises that emulate real-world threats, TTPs that are most relevant to our organization.
• Translate requirements into test plan, write and execute test scripts or codes in line with standards and procedures to determine vulnerability to attacks.
• Certify infrastructure components, systems and applications that meet security standards.
• Write detailed reports covering the goals and outcomes of Red Team operations, including significant observations and recommendations.
• Collaborate across multiple defense/product teams to propose enhancements and improve current security offerings.

• Background in Computer Science, Computer Engineering, Information Systems or other STEM disciplines.
• Strong knowledge in some of these various disciplines: red team operations, infrastructure security, MITRE, TTPs.
• An adversarial mindset to emulate a real-world attacker.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.

• Red Team Experience in an enterprise environment.
• CTF players, live competitions and hacking events experience.
• CVEs (excluding vulnerabilities such as XSS, CSRF in random CMS) are preferred.
• BugBounty experience with reputable statistics in HackerOne, BugCrowd etc.