TikTok

Compensation

Full Description

Responsibilities About the Team The Validation and Verification (VnV) team ensures the security and reliability of our product through a comprehensive, continuous security lifecycle: Prevent → Assure → Test → Fix → Prove. The Security Operations Assurance (SOA) team is the vital link between identifying security flaws (Test) and demonstrating risk reduction (Prove). We own the Assure and Fix stages. Our Security Assurance Analysts focus primarily on the Assure stage by validating control efficacy, developing security metrics, and managing the tooling infrastructure that provides real-time visibility into our security posture. Working alongside the Vulnerability and Remediation Analysts, you will be the data and assurance expert, ensuring we have the reliable metrics needed to monitor, report on, and ultimately Prove the effectiveness of our security investments. About the Role The Security Assurance Analyst is a highly technical role within the SOA team, focused on the operational health and measurable efficacy of our security controls. You are responsible for designing, building, and maintaining the systems that allow us to confidently say our defenses are working. You will be the key driver in creating and updating the real-time operational dashboard, gathering and normalizing data from various security tools (EDR, CSPM, scanners), and supporting the Team Lead in creating the high-level risk reports. This role requires a strong understanding of security tools, data analysis, and an ability to translate raw operational data into meaningful security metrics (KPIs/KRIs). Responsibilities: - Security Metrics and Reporting: Design, develop, and maintain the central security metrics and executive risk reporting data pipeline, ensuring data integrity and accuracy. - Operational Dashboard Management: Build and continuously update the real-time operational dashboard that provides visibility into security tool status, asset coverage, and control efficacy. - Security Control Efficacy Validation: Conduct regular checks and operational audits on critical security controls to verify they are deployed correctly, functioning as intended, and effectively mitigating threats (Assure stage). - Tools Health Monitoring: Monitor the operational status and health of various security tools (e.g., ensuring agents are deployed and checking in, scanners are running successfully). - Data Aggregation and Normalization: Gather and normalize data inputs from disparate security tools and systems to support unified metrics calculation and reporting. - Compliance Support: Assist the Team Lead in preparing data packages and evidence for internal and external security audits and compliance reviews (Prove stage). - Process Improvement: Identify and recommend improvements to the processes used for collecting security data and verifying control effectiveness. Qualifications Minimum Qualifications - 5+ years of experience in Information Security, focusing on Security Operations, GRC, Metrics, or Data Analysis within a security context. - Technical Tooling Knowledge: Direct experience working with and gathering data from security tooling (e.g., EDR/XDR platforms, cloud security tools like CSPM, vulnerability scanners). - Data and Visualization: Proficiency in creating dashboards and reports using data visualization tools (e.g., Tableau, Power BI, Splunk, or similar security reporting platforms). - Security Metrics: Foundational understanding of how to define and track security Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs). Preferred Qualifications - Certifications: Certifications such as Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), or Certified Cloud Security Professional (CCSP). - Scripting/Querying: Experience with scripting languages (e.g., Python) or advanced query languages (e.g., SQL, Splunk SPL) for data extraction and manipulation. - GRC Platform Experience: Direct experience administering or utilizing GRC (Governance, Risk, and Compliance) platforms. - Process Documentation: Experience documenting security control processes and data flows for internal use and audit readiness. About USDS TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security (“USDS”) is a subsidiary of TikTok in the U.S. This new, security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and U.S. user data, so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS that deliver on this commitment daily span across Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more. On-site presence across teams allows the company to operate with greater speed, alignment, and agility — especially in areas like real-time decision-making, team development, and integrated execution. As such, the company is shifting from a hybrid work model to a fully in-person schedule up to 5 days a week. Why Join Us Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day. We strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. Every challenge is an opportunity to learn and innovate as one team. We're resilient and embrace challenges as they come. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our company, and our users. When we create and grow together, the possibilities are limitless. Join us. Diversity & Inclusion TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too. USDS Reasonable Accommodation USDS is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://tinyurl.com/USDS-RA Job Information 【For Pay Transparency】Compensation Description (Annually) The base salary range for this position in the selected city is $118800 - $269800 annually. Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units. Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure). The Company reserves the right to modify or change these benefits programs at any time, with or without notice. For Los Angeles County (unincorporated) Candidates: Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment: 1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues; 2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and 3. Exercising sound judgment.