Security Engineer

Who We Are

OKX is revolutionising world systems through our cutting-edge digital asset exchange, Web3 portal and blockchain ecosystems. We are deeply committed to shaping a fairer, more transparent and accessible society through blockchain technology and to date, we have 50+ million users, 3000+ employees and 180+ countries believing in the same vision as us. We are safe and reliable, backed by our Proof of Reserves. As strong supporters of the Arts and Sports, we are proud partners of @McLarenF1 @ManCity @Tribeca.

About the Opportunity

As a Security Engineer, you will put in your utmost efforts to secure the OKX platform with millions of daily active users. You will work cross-functionally with design, product, and other engineering teams to identify and assess security risks, design and develop advanced security protective mechanisms and products or deliver high-quality thorough security operations and reinforcements. This is an opportunity to learn the full security life cycle of crypto and Web3 platforms and work along with a top-class security team fighting against worldwide security threats.

What You’ll Be Doing

• The construction and continuous optimization of infrastructure security capabilities, including intrusion technology research, intrusion behavior analysis and feature extraction, development/validation/iteration of detection rules and processes, and development of security infrastructures.
• Designing, developing, and maintaining high-performance backend systems to support the requirements of client security projects.
• Providing help and guidance to developers on secure coding practices.
• Conducting security testing and vulnerability assessments, including penetration testing, vulnerability scanning, and code reviews.
• Conducting routine checks and tests to ensure that all known vulnerabilities are detected and patched.
• Maintaining high-quality technical documentation. Upholding technology best practices and code reviews with peers. Improving efficiency in cross-office/time zone collaboration.
• Contribute to building out and optimizing data loss prevention programs.
• Contribute to policy creation, organizational audits and changes within the organization.
• Conducting incident response, incident remediation and other related fixes.
• Optional directions include but are not limited to web security, network security, host and terminal security, data security, threat intelligence, SoC/SIEM/SOAR, Client Security, DevSecOps, etc., respecting personal interests and development intentions.

What We Look For In You

• Be eager to learn and grow into the role and function.
• Bachelors in Computer Science, Technology, Cyber Security, Engineering, Mathematics, related technical disciplines, or self-taught enthusiasts.
• 3 to 5 years of experience being a member of a Security team focused on detection and response operations.
• Solid basic knowledge of security attack and defense, understanding common vulnerability principles and attack techniques, familiar with the best practices and common solutions of the defense side.
• Experienced with IP/TCP stack, network routing protocols, and wireless protocols; understanding of network concepts and their application to cyber security best practices.
• Experience with secure coding, SIEM, or DLP technologies.
• Possessing relevant tech stack skillset and knowledge for the respective specialization - Java/Python/Go, relational databases, data structures and algorithms, OS, and network computers.
• Analytical with a positive problem-solving mindset, a proactive team player who embodies a growth mindset, flexible, and comfortable in navigating ambiguity with a global mindset.
• Experience with incident response and remediation.

Nice to Haves

• Comfortable with the cloud-based Linux environment. Knowledgeable in multi-threading and distributed architecture. Understanding of mainstream messaging frameworks, including Kafka. Or familiar with daily developing tools such as NPM, gulp, webpack, git.
• Experience in penetration tests, intrusion detection capability development, and maintenance, security emergency response, and other related work.
• Experience in CTF competitions and achieving good results.
• Experience in freelance projects, hacking competitions. Bug bounties, and related cyber security projects or competitions.
• Having participated in trainings or certifications.
• Interested in equipping themselves to be full-stack architects and open to rotate amongst specializations. Curious and excited about the crypto/blockchain industry.
• Ability to prioritize risks to the business in real-time
• Excellent analytical and problem-solving skills with attention to detail
• Able to speak Mandarin fluently

Perks & Benefits

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• Wellness and meal allowances 
• Comprehensive healthcare schemes for employees and dependents