Posted on Dec 17, 2024

Who We Are

At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.

OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.

Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.

OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.

About the Opportunity

As a Security Engineer, you will put in your utmost efforts to secure the OKX platform with millions of daily active users. You will work cross-functionally with design, product, and other engineering teams to identify and assess security risks, design and develop advanced security protective mechanisms and products or deliver high-quality thorough security operations and reinforcements. This is an opportunity to learn the full security life cycle of crypto and Web3 platforms and work along with a top-class security team fighting against worldwide security threats. 

What You’ll Be Doing

  • The construction and continuous optimization of infrastructure security capabilities, including intrusion technology research, intrusion behavior analysis and feature extraction, development/validation/iteration of detection rules and processes, and development of security infrastructures.
  • Designing, developing, and maintaining high-performance backend systems to support the requirements of client security projects.
  • Providing help and guidance to developers on secure coding practices.
  • Conducting security testing and vulnerability assessments, including penetration testing, vulnerability scanning, and code reviews.
  • Conducting routine checks and tests to ensure that all known vulnerabilities are detected and patched.
  • Maintaining high-quality technical documentation. Upholding technology best practices and code reviews with peers. Improving efficiency in cross-office/time zone collaboration.
  • Contribute to building out and optimizing data loss prevention programs.
  • Contribute to policy creation, organizational audits and changes within the organization.
  • Conducting incident response, incident remediation and other related fixes.
  • Optional directions include but are not limited to web security, network security, host and terminal security, data security, threat intelligence, SoC/SIEM/SOAR, Client Security, DevSecOps, etc., respecting personal interests and development intentions.

What We Look For In You

  • Be eager to learn and grow into the role and function.
  • Bachelors in Computer Science, Technology, Cyber Security, Engineering, Mathematics, related technical disciplines, or self-taught enthusiasts.
  • 3 to 5 years of experience being a member of a Security team focused on detection and response operations.
  • Solid basic knowledge of security attack and defense, understanding common vulnerability principles and attack techniques, familiar with the best practices and common solutions of the defense side.
  • Experienced with IP/TCP stack, network routing protocols, and wireless protocols; understanding of network concepts and their application to cyber security best practices.
  • Experience with secure coding, SIEM, or DLP technologies.
  • Possessing relevant tech stack skillset and knowledge for the respective specialization - Java/Python/Go, relational databases, data structures and algorithms, OS, and network computers.
  • Analytical with a positive problem-solving mindset, a proactive team player who embodies a growth mindset, flexible, and comfortable in navigating ambiguity with a global mindset.
  • Experience with incident response and remediation.

Nice to Haves

  • Comfortable with the cloud-based Linux environment. Knowledgeable in multi-threading and distributed architecture. Understanding of mainstream messaging frameworks, including Kafka. Or familiar with daily developing tools such as NPM, gulp, webpack, git.
  • Experience in penetration tests, intrusion detection capability development, and maintenance, security emergency response, and other related work.
  • Experience in CTF competitions and achieving good results.
  • Experience in freelance projects, hacking competitions. Bug bounties, and related cyber security projects or competitions.
  • Having participated in trainings or certifications.
  • Interested in equipping themselves to be full-stack architects and open to rotate amongst specializations. Curious and excited about the crypto/blockchain industry.
  • Ability to prioritize risks to the business in real-time
  • Excellent analytical and problem-solving skills with attention to detail
  • Able to speak Mandarin fluently

Perks & Benefits

  • Competitive total compensation package
  • L&D programs and Education subsidy for employees' growth and development
  • Various team building programs and company events
  • Wellness and meal allowances 
  • Comprehensive healthcare schemes for employees and dependents