Security Engineer, Technology Governance, Certification & Audit

Summary

Join OKX as a Graduate Security Engineer in their Supernova Program, a 3-year Career Accelerator Program. As a graduate Security Engineer, you will ensure security and compliance of the OKX platform with millions of daily active users.

Requirements

• Bachelors in Computer Science, Information Systems, Technology, Engineering, or related technical disciplines
• Solid knowledge of information security principles, control design, and implementation
• Holistic risk assessment skills to break down complex infrastructural and procedural issues to its basic principles for effective and controllable solutions
• Compliance first mindset. Ability to lead by example for internal and external stakeholders. Highlight organizational best practices and embrace our We Before Me principle
• Analytical with a positive problem-solving mindset, a proactive team player who embodies a growth mindset, flexible, and comfortable in navigating ambiguity with a global mindset. Able to manage multiple concurrent projects of different workloads, timelines and deadlines

Responsibilities

• Organising, coordinating and facilitating audits by working with the auditors and obtaining evidence for audit requests
• Handling due diligence requests and questionnaires received from regulators and other third parties
• Supporting business units in developing and maintaining relevant technology related documentation to support local licensing application and maintenance
• Identifying technology, security and compliance control gaps and coordinating with stakeholders to resolve the gaps. Communicate and bridge the gap between external regulatory or audit requirements and internal stakeholder operations
• Designing security and compliance controls to meet the requirements of best practices in application security, infrastructure security as well as regulatory compliance, and to coordinate with engineers to implement them
• Conducting security and control gap assessments, risk assessments and audits
• Developing and maintaining high-quality technical, security and organizational documentation, including policies, standard operating procedures, standards and guidelines
• Upholding security and technology best practices. Improving efficiency in cross-office/time zone collaboration
• Collaborate with team members and functional stakeholders to meet control requirements to demonstrate organizational security compliance

Preferred Qualifications

• Knowledgeable in the relevant tech stack skillset for the respective specialization - relational databases, OS, networking, encryption and cryptography, identity and access management, change management / SDLC, cloud service architecture
• Familiarity with the cloud-based Linux environment. Knowledgeable in distributed architecture. Understanding of Kubernetes or container orchestration architecture
• Familiarity with Java/Python/Go, and with daily developing tools such as npm, gulp, web-pack, git
• Alibaba Cloud and AWS knowledge and certifications are a strong plus
• Familiarity with information security risk management and compliance frameworks and reporting standards (i.e. ISO 27001, NIST CSF, SOC 2 Common Criteria, CSA STAR) is a strong plus
• Familiarity with security and IT risk certifications from recognized bodies such as ISACA, ISC2, CompTIA, CSA (e.g.: CISA, CISSP, CCSP, CCSK)
• Proficiency in speaking, reading and writing in both English and Mandarin to collaborate effectively with global and cross-functional team members

Benefits

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• Wellness and meal allowances
• Comprehensive healthcare schemes for employees and dependants