Security Assurance Manager, APAC

at  ByteDance

About the Company
Founded in 2012, ByteDance’s mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.
Why Join Us
Creation is the core of ByteDance’s purpose. Our products are built to help imaginations thrive. This is doubly true of the teams that make our innovations possible.
Together, we inspire creativity and enrich life - a mission we aim towards achieving every day.
To us, every challenge, no matter how ambiguous, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always.
At ByteDance, we create together and grow together. That’s how we drive impact - for ourselves, our company, and the users we serve.
Join us.
About the Security Assurance Team at ByteDance
The team is missioned to build infrastructures, platforms and technologies, as well as to support cross-functional teams to protect our users, products and infrastructures. We are responsible for infosec security assurance for the company, researching offensive and defensive technology and skills to continuously improve the company’s fundamental security, data security, and business security levels, and strive to reduce the impact of 0day vulnerabilities and incidents. In this team, you’ll have a unique opportunity to have first-hand exposure to the strategy of the company in key security initiatives, especially in building scalable and secure-by-design systems and solutions. You’ll be part of a team that’s developing new solutions to new challenges of a kind not previously addressed by big tech. It’s working fast, at scale, and we’re making a difference.

Responsibilities

• Lead and manage a team of passionate individuals focused on improving the security posture of the company’s products and systems with leadership of Champion Diversity and Inclusion (including valuing individual differences, thinking global, and facilitating effective collaboration by assuming good intent and trusting by default. ).
• Develop positive and trusted relationships with business partners both inside and outside of the company.
• Ensure individual support and talent development for direct reports, leading the team in terms of technical excellence and practicing ByteStyle principles.
• Design and perform SDLC security services, including analyzing design, architectures, existing systems services, operating systems, networks and applications from a security perspective, via black box testing, code reviews, App scanning, automation, threat modeling and research. This is to meet confidentiality, integrity, authentication, availability, authorisation, and nonrepudiation standards.
• Manage security assurance, red team, threat intelligence teams.
• Translate requirements into test plan, write and execute test scripts or codes in line with standards and procedures to determine vulnerability to attacks.
• Certify infrastructure components, systems and applications that meet security standards.
• Discover security issues that appear under new threat scenarios, support incident response, forensics, remediation in a cross-functional environment driving towards incident resolution.

Qualifications

Minimun Qualifications

• Bachelor’s degree in Information Security, Computer Science, Computer Engineering, Electrical Engineering, or other relevant majors.
• 5+ years of security engineering experience such as design review, threat modeling, security mitigation development, security tooling development or privacy engineering, and red teaming.
• 5+ years of people management in an engineering organization, strong leadership skills and stress-resistance.
• Advanced knowledge and understanding in various disciplines: web application security, mobile app security, network security, operating system internals and hardening, applied cryptography, cloud computing. You’re expected to be an expert in at least one of these areas.
• Solid experience in writing and reviewing code in at least one of the following programming languages: JavaScript (Node JS), Go, Python, Java, C++, Rust.
• Strong problem-solving skills and excellent debugging / troubleshooting skills.

Qualifications

Preferred Qualifications

• Passionate about self-studying cutting edge technologies and staying relevant. Strong communication and collaboration skills, and willing to take ownership.

ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too

• Lead and manage a team of passionate individuals focused on improving the security posture of the company’s products and systems with leadership of Champion Diversity and Inclusion (including valuing individual differences, thinking global, and facilitating effective collaboration by assuming good intent and trusting by default. ).
• Develop positive and trusted relationships with business partners both inside and outside of the company.
• Ensure individual support and talent development for direct reports, leading the team in terms of technical excellence and practicing ByteStyle principles.
• Design and perform SDLC security services, including analyzing design, architectures, existing systems services, operating systems, networks and applications from a security perspective, via black box testing, code reviews, App scanning, automation, threat modeling and research. This is to meet confidentiality, integrity, authentication, availability, authorisation, and nonrepudiation standards.
• Manage security assurance, red team, threat intelligence teams.
• Translate requirements into test plan, write and execute test scripts or codes in line with standards and procedures to determine vulnerability to attacks.
• Certify infrastructure components, systems and applications that meet security standards.
• Discover security issues that appear under new threat scenarios, support incident response, forensics, remediation in a cross-functional environment driving towards incident resolution