ByteDance

Responsibilities

About the Team

The team is missioned to build infrastructures, platforms and technologies, as well as to support cross-functional teams to protect our users, products and infrastructures. In this team, you'll have a unique opportunity to have first-hand exposure to the strategy of the company in key security initiatives, especially in building scalable and secure-by-design systems and solutions. Our challenges are not your regular day-to-day technical problems; you'll be part of a team that's developing new solutions to new challenges of a kind not previously addressed by big tech. It's working fast, at scale, and we're making a difference.

As a project intern, you will have the opportunity to engage in impactful short-term projects that provide you with a glimpse of professional real-world experience. You will gain practical skills through on-the-job learning in a fast-paced work environment and develop a deeper understanding of your career interests.

Applications will be reviewed on a rolling basis - we encourage you to apply early.

Successful candidates must be able to commit to at least 3 months long internship period.

Job Responsibilities

• Propose, plan, and execute Red Team Operations to determine if infrastructure components, systems and applications meet confidentiality, integrity, authentication, availability, authorisation, and nonrepudiation standards based on realistic threats to the organization.
• Maintain a deep understanding of ByteDance Enterprise Products, how they work, and how they could be attacked or abused.
• Conducts security exercises that emulate real-world threats, TTPs that are most relevant to our organization.
• Translate requirements into test plan, write and execute test scripts or codes in line with standards and procedures to determine vulnerability to attacks.
• Certify infrastructure components, systems and applications that meet security standards.
• Write detailed reports covering the goals and outcomes of Red Team operations, including significant observations and recommendations.
• Collaborate across multiple defense/product teams to propose enhancements and improve current security offerings.

Qualifications

Minimum Qualifications:

• Final year or recent graduates with a background in Computer Science, Computer Engineering, Information Systems or other STEM disciplines.

Strong knowledge in some of these various disciplines: red team operations, infrastructure security, MITRE, TTPs.

• An adversarial mindset to emulate a real-world attacker.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.

Preferred Qualifications:

• Red Team Experience in an enterprise environment.
• CTF players, live competitions and hacking events experience.
• CVEs (excluding vulnerabilities such as XSS, CSRF in random CMS) are preferred.
• BugBounty experience with reputable statistics in HackerOne, BugCrowd etc.