We are looking for talented individuals to join us as a Project Intern. Internships at TikTok aim to offer industry exposure and hands-on experience. Watch your ambitions become reality as your inspiration brings infinite opportunities at TikTok. You’ll be joining a global offensive security team comprised of experienced professionals specializing in both application and native security. Our team is distributed across multiple continents, bringing together diverse perspectives and expertise to tackle complex security challenges. We collaborate closely to identify, analyze, and mitigate vulnerabilities in a wide range of environments, from modern applications to low-level native code, driving innovation in security research and automation. Responsibilities - Develop an automation pipeline to: - Download and preprocess firmware images. - Interface with LMM model to assist in vulnerability identification. - Analyze firmware for potential vulnerabilities using both automated and manual techniques. - Document and report discovered vulnerabilities through the internal reporting system. - Collaborate with security researchers and engineers to refine analysis techniques and improve automation workflows. - Maintain clear documentation of the toolchain, processes, and findings.
Minimum qualifications -Currently pursuing a Bachelor's degree or above. - Available to start between June- August for a duration of 3 months. - Familiarity with firmware (UEFI), reverse engineering, and binary analysis. - Experience with scripting or other programming languages (e.g., Python, Bash, Golang). - Basic understanding of machine learning models and their integration into workflows. - Understanding of memory corruption vulnerabilities (e.g., buffer overflow, use-after-free, integer overflow) commonly found in native code. - Basic knowledge of vulnerability research methodologies and tools (e.g., IDA Pro, BinaryNinja). Preferred qualifications - Experience working with LLMs or LMMs in a security context. - Prior experience in vulnerability discovery or CTF competitions. - Familiarity with secure coding practices.
Read Full Description