SOC Analyst
Budapest, Budapest, Hungary
OKX
Who We Are
At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom. OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.
Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.
About the Opportunity
We are seeking a SOC Analyst to join our security team and play a key role in protecting OKX’s platform, which serves millions of daily active users. In this role, you will monitor, analyze, and respond to security events and incidents, working cross-functionally with design, product, and engineering teams to assess risks, develop advanced security mechanisms, and strengthen overall security operations. This is a unique opportunity to gain hands-on experience in the full security lifecycle of crypto and Web3 platforms, collaborating with a world-class security team to combat global cyber threats.
What You’ll Be Doing
- Monitor and Investigate Security Threats: Analyze security alerts and incidents, identifying threats from cybercriminals, scammers, APTs, and nation-state actors.
- Threat Intelligence & Risk Assessment: Leverage threat intelligence streams to stay ahead of emerging threats and vulnerabilities, following defined investigation processes to assess risks and their impact on internal and external customers.
- Incident Investigation & Escalation: Perform in-depth investigations of confirmed security incidents, identifying threats and mitigating actions to contain and eradicate them. Escalate true positives to senior security engineers globally with well-documented findings and recommendations.
- Log Analysis & Anomaly Detection: Conduct ad-hoc analysis of varied logs, identifying anomalies in internal and customer environments.
- Security Tuning & Process Improvement: Identify and document tuning opportunities to enhance security monitoring and response.
- Incident Reporting & Documentation: Assist in creating high-quality incident reports by performing enriching queries and investigations for core stakeholders.
- 24x7 SOC Coverage: Work as part of a shift pattern to provide round-the-clock SOC monitoring and response, including on-call support as needed.
What We Look For In You
- 1 to 3 years of experience as a member of a security team focused on detection and response operations.
- A passion for technology, plus a Bachelor's degree in Cybersecurity, Computer Science or a related field, or equivalent experience.
- Solid foundational knowledge of offensive and defensive security: an understanding of common vulnerability classes and attack techniques, and familiarity with defensive best practices and common mitigations.
- Strong understanding of security principles, threats, and vulnerabilities.
- Experience with the TCP/IP stack, network routing protocols, and wireless protocols; understanding of network concepts and how they apply to cyber security best practices.
- Proficiency with security monitoring and analysis tools.
- Experience in a SOC or similar role.
- The ability to combine excellent analytical, problem-solving and time management skills to manage a dynamic workload. Strong interpersonal and communication skills, both oral and written, in English.
- Strong collaboration skills in a team environment whilst also being capable of working independently.
- Experience with secure coding, SIEM, or DLP technologies.
Nice to Haves
- Comfortable in cloud-based Linux environments; knowledge of multi-threading and distributed architectures and of mainstream messaging frameworks such as Kafka; or familiarity with everyday development tools such as npm, gulp, webpack and git.
- Experience in penetration testing, developing and maintaining intrusion detection capabilities, security incident response, or related work.
- Experience in CTF competitions, with good results.
- Experience in freelance projects, hacking competitions, bug bounties, and related cyber security projects or competitions.
- Participation in security training or certifications.
- Interest in developing into a full-stack architect, and openness to rotating among specializations.
- Curious and excited about the crypto/blockchain industry.
- Ability to prioritize risks to the business in real time.
- Excellent analytical and problem-solving skills with attention to detail.
- A level of proficiency in Mandarin would be useful, but not essential.
Perks & Benefits
- Competitive total compensation package
- L&D programs and Education subsidy for employees' growth and development
- Various team building programs and company events