DevSecOps Security Expert
Singapore, Singapore
OKX
OKX will be prioritising applicants who have a current right to work in Singapore and do not require OKX's sponsorship of a visa.
Who We Are
At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom. OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves. Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er. OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.
Responsibilities:
- Responsible for developing and maintaining the DevSecOps DAST scanning engine.
- Write and optimize DAST scanning rules for complex application scenarios, and verify the vulnerabilities reported by the DAST scanning engine to ensure the accuracy of vulnerability scanning and reproduction.
- Continuously iterate the DAST engine, optimize the scanning process, improve scanning efficiency and detection rate, and enhance scanning coverage.
- Responsible for designing, developing and maintaining the backend systems of the DevSecOps security team.
Requirements
- At least 5 years of experience in DevSecOps or related field.
- Familiar with the working principle and practical application of DAST, capable of developing and constructing engines.
- Solid Golang and/or Java development skills, able to write automated scripts to support vulnerability scanning, vulnerability fixing, and engine optimization.
- Proficient in DAST engine tools (such as AWVS, Xray, Burp Suite, etc.) for vulnerability scanning, able to customize scanning rules for specific business needs.
- Able to analyze and handle false positives and false negatives in the DAST scanning engine.
- Familiar with the principles and repair measures of common web application vulnerabilities (such as SQL injection, XSS, CSRF, file upload vulnerabilities, etc.).
- Familiar with DevSecOps processes, able to integrate DAST tools and scan engines into CI/CD pipelines.
- Strong problem analysis ability and technical document writing ability, able to analyze and provide feasible repair solutions based on vulnerability reports.
- Good communication and teamwork skills, able to work closely with the XFN team to promote the implementation of security work.
Preferred Qualifications:
- Experience with other security testing tools and methods.
- Familiar with containerization technology and Cloud Native architecture, with practical experience in DAST scanning in cloud environments.
- Candidates with experience in DAST engine development are preferred.
Perks & Benefits
- Competitive total compensation package.
- L&D programs and Education subsidy for employees' growth and development.
- Various team building programs and company events.
- Wellness and meal allowances.
- Comprehensive healthcare schemes for employees and dependants.
- More that we'd love to tell you about along the way!