TikTok
February 2025 – Present
New York, NY
Senior Offensive Security Engineer
- Engineered and scaled a continuous automated penetration testing deployment across 4 tenancies, expanding network coverage to ~137K hosts.
- Defined scope, approvals, and guardrails for continuous testing operations via a comprehensive rules of engagement framework, enabling seamless integration of additional network segments and infrastructure into automated testing pipelines.
- Built automated scan-to-ticketing integrations that ingested findings directly into the internal SOC platform, and developed SOPs, CLI tooling, and LLM-integrated API connectors enabling the broader team to operate and extend the deployment independently.
- Integrated offensive operation findings into a breach and attack simulation platform via custom Python scripts spanning multiple infrastructure segments, providing actionable data for detection engineering.
- Built automated WAF posture validation tooling against load-balanced targets using categorized payload wordlists across common web vulnerability classes, tracking allow/block outcomes for baseline efficacy measurement.
- Nominated for two awards and recipient of one for solo-executing PCI DSS tests of over 200,000 hosts.
- Performed PCI penetration tests, AI security reviews, mobile device management evaluations, voice synthesis model assessments, web application security assessments and internal network penetration tests.