Secure Software Development Lifecycle Specialist - USDS

Responsibilities

The SSDLC Specialist is tasked with collaborating across cross-functional teams to promote security and compliance best practices throughout the enterprise. They should be aware of current policies and procedures and ensure they are being followed properly. The specialist should have experience working with development teams to deliver secure products.

Responsibilities:
- Partner with Developers and Global Security teams to review upcoming features and implement security best practices
- Perform internal and external reviews to assess security maturity and assure that security principles are correctly applied
- Analyze review results to identify recommended security and supply chain management process improvements
- Interpret and implement applicable standards and regulations as they apply to products, processes, and practices
- Support regulatory compliance monitoring and reporting
- Support exception handling and escalation

Qualifications

Minimum Qualifications:
- Working knowledge/experience with Build and Deploy tooling and technologies (Maven, Artifactory, Jenkins, etc.)
- Working knowledge of vulnerability chaining techniques in web applications to maximize the impact of an attack and a basic understanding of encryption concepts
- Ability to describe inherent weaknesses in web technology and protocols to cross-functional audiences
- Ability to work alongside other security functions to determine vulnerability impact and appropriate mitigations
- Ability to examine issues both strategically and analytically
- Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions
- Strong analytical and problem-solving skills

Preferred Qualifications:
- CISSP, CISM, or equivalent certification
- Software development experience
- Familiarity with vulnerability management across SaaS and IaaS cloud platforms (e.g., AWS, Google Cloud, etc.)
- Working knowledge/experience with Python, SQL and REST APIs
- Ability to handle ambiguity and collaborate with a global team
- Ability to coach junior staff and contractors

About USDS

TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security (“USDS”) is a subsidiary of TikTok in the U.S. This new, security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and U.S. user data, so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained.

Data Security Statement

This role requires the ability to work with and support systems designed to protect sensitive data and information. As such, this role will be subject to strict national security-related screening.

Why Join Us

Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day.

Diversity & Inclusion

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach.

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Engineering and Information Technology
Industries: Software Development