Expert Application Security Engineer

About OKX:   At OKX, we believe that the future will be reshaped by Crypto, ultimately contributing to every individual's freedom. OKX began as a crypto exchange giving millions of people access to crypto trading and over time becoming among the largest platforms in the world. In recent years, we have developed one of the most connected Web3 wallets used by millions to access decentralized crypto applications (dApps). OKX is a trusted brand by hundreds of large institutions seeking access to crypto markets on a reliable platform that seamlessly connects with global banking and payments. In the last year, OKX has expanded into new markets including Australia, Brazil, Netherlands, Singapore and Turkey, with plans to launch in the US, Belgium and the UAE. We are deeply committed to shaping a fairer, more transparent and accessible society through blockchain technology. This is why we publish proof of reserves monthly, and continue to ship new innovative security features.     Responsibilities:

• Identify and address security vulnerabilities in code, systems, and networks using manual review, automated tools, and threat modeling.
• Manage and optimize application security tools, processes, and alerts.
• Validate and respond to Bug Bounty submissions.
• Stay informed on the latest offensive security techniques, application security threats, and best practices, and suggest improvements to enhance our security posture.
• Produce detailed reports of your findings, present them to both management and technical teams, and contribute to preventing real-world attacks.
• Collaborate with development teams to implement secure coding practices.
• Work alongside other teams, including operations and compliance, to ensure that security is a consistent priority across the organization.
• Participate in incident response and management activities.

  Qualifications:

• 3+ years of experience in offensive security techniques.
• In-depth understanding of security risks, vulnerabilities, and concepts in web and mobile applications.
• Proficient in code review, particularly with Kotlin/Swift/Typescript/JavaScript, with a strong grasp of application security threats.
• Ability to create proof-of-concepts (PoCs) to demonstrate vulnerabilities, review patch code for adherence to standards, and collaborate with repository owners and maintainers.
• Strong analytical and problem-solving abilities.
• Excellent verbal and written communication skills.

Nice-to-have:

• Prior experience in developing mobile security SDKs with a daily active user base of over ten million is preferred.
• Participated in large-scale business risk control projects, or have practical experience in threat intelligence/business risk prevention, and analysis/countermeasures against black and gray industries.
• In-depth reverse engineering of major apps from first-tier vendors, or other experiences/projects that demonstrate reverse engineering capabilities.
• Priority given to candidates who can simultaneously master relevant technologies on multiple platforms.
• Proficient in ARM assembly, capable of deep-level countermeasures at the native and application layers.
• Have certain capabilities in device fingerprint recognition, able to simulate new devices through methods such as flashing, modification, and application cloning.

  Perks & Benefits:

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• More that we love to tell you along the process!