Security Engineer

Summary

Join OKX, a leading digital asset exchange, as a Security Engineer to secure the platform with millions of daily active users. You will work cross-functionally with design, product, and other engineering teams to identify and assess security risks, design and develop advanced security protective mechanisms, and deliver high-quality thorough security operations and reinforcements.

Requirements

• Be eager to learn and grow into the role and function
• Bachelors in Computer Science, Technology, Cyber Security, Engineering, Mathematics, related technical disciplines, or self-taught enthusiasts
• 3 to 5 years of experience being a member of a Security team focused on detection and response operations
• Solid basic knowledge of security attack and defense, understanding common vulnerability principles and attack techniques, familiar with the best practices and common solutions of the defense side
• Experienced with IP/TCP stack, network routing protocols, and wireless protocols; understanding of network concepts and their application to cyber security best practices
• Experience with secure coding, SIEM, or DLP technologies
• Possessing relevant tech stack skillset and knowledge for the respective specialization - Java/Python/Go, relational databases, data structures and algorithms, OS, and network computers
• Analytical with a positive problem-solving mindset, a proactive team player who embodies a growth mindset, flexible, and comfortable in navigating ambiguity with a global mindset
• Experience with incident response and remediation

Responsibilities

• The construction and continuous optimization of infrastructure security capabilities, including intrusion technology research, intrusion behavior analysis and feature extraction, development/validation/iteration of detection rules and processes, and development of security infrastructures
• Designing, developing, and maintaining high-performance backend systems to support the requirements of client security projects
• Providing help and guidance to developers on secure coding practices
• Conducting security testing and vulnerability assessments, including penetration testing, vulnerability scanning, and code reviews
• Conducting routine checks and tests to ensure that all known vulnerabilities are detected and patched
• Maintaining high-quality technical documentation. Upholding technology best practices and code reviews with peers. Improving efficiency in cross-office/time zone collaboration
• Contribute to building out and optimizing data loss prevention programs
• Contribute to policy creation, organizational audits and changes within the organization
• Conducting incident response, incident remediation and other related fixes
• Optional directions include but are not limited to web security, network security, host and terminal security, data security, threat intelligence, SoC/SIEM/SOAR, Client Security, DevSecOps, etc., respecting personal interests and development intentions

Benefits

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• Wellness and meal allowances
• Comprehensive healthcare schemes for employees and dependents