Senior/Staff Engineer, Security Platform Development
Hong Kong, Hong Kong SAR; Singapore, Singapore·Posted today
web3blockchaincybersecuritylogisticspythongolang
<div class="ace-line ace-line old-record-id-doxuseysYUio6Qia64JLLAwE7dh"> <div data-page-id="doxusokjWsaOkSCIjzixAfRM3sd" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxusaUYeCmu82WSkkm5KDd00db"> <div data-page-id="JAF7dFJcWoUusRx7RKkuM14BsYc" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-OqGZdUPi6oJlXzxlmNiu3gAmsVg"> <div data-page-id="V6OedkjJzouK9jxNIfuuhjt9sDc" data-docx-has-block-data="false"> <div data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxuseysYUio6Qia64JLLAwE7dh"> <div data-page-id="doxusokjWsaOkSCIjzixAfRM3sd" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxusaUYeCmu82WSkkm5KDd00db"> <div data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false"> <div data-page-id="JAF7dFJcWoUusRx7RKkuM14BsYc" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-OqGZdUPi6oJlXzxlmNiu3gAmsVg"><em>OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa.<br><br></em></div> </div> <h2 class="heading-2 ace-line old-record-id-doxuslsyQOGHoiYb47TiA1n51Th"><strong>Who We Are</strong></h2> <div class="ace-line ace-line old-record-id-doxustOiFVk8C3Uy4rotl5Nem5f"> <div data-page-id="PNNZdiw4Yo1ZOmx8btbucw8qsLG" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-Q479dQIlZozY6cxcPNFuoY1rsxe"> <div class="rich-text-paragraph" data-eleid="27"> <div class="ace-line ace-line old-record-id-RKOAdw3kVoh5EQxcr2juP3i0sTb"> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.</div> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb"> </div> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves. </div> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb"> </div> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">Across our multiple offices globally, we are united by our core principles: <em>We Before Me</em>, <em>Do the Right Thing</em>, and <em>Get Things Done</em>. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.<br><br> <div data-page-id="Kpucdjv7JoAcSZxSf7PuRl5Yscb" data-lark-html-role="root" data-docx-has-block-data="false"> <div class=" old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.</div> </div> </div> </div> </div> </div> </div> </div> <div class="ace-line ace-line old-record-id-doxusq2WnfR822THsuqUosdSzFu"> </div> <h2 class="heading-2 ace-line old-record-id-doxus9qcafz8J9vhi3nwZgrckWg"><strong>About The Opportunity</strong></h2> <div data-page-id="AiPQdXfdFoecDex1OG7lJgYoghb" data-lark-html-role="root" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-VhAAd9EtnoP9uDxtiUZlBDKCg3b">As a Technical Expert, you will lead the development of the company’s core security engineering and DevSecOps capabilities, with a strong focus on <strong>security product development, platform engineering, and </strong><strong>SDK</strong><strong>/Agent development</strong>. The ideal candidate should demonstrate <strong>deep security expertise, broad technical coverage, strong hands-on engineering capability, and exceptional influence in driving security governance across business teams</strong>.</div> <div class="ace-line ace-line old-record-id-VhAAd9EtnoP9uDxtiUZlBDKCg3b"> </div> </div> <h2 class="heading-2 ace-line old-record-id-doxushHxPgvpIV0pJrijghkWDWe"><strong>What You’ll Be Doing </strong></h2> <div data-page-id="AiPQdXfdFoecDex1OG7lJgYoghb" data-lark-html-role="root" data-docx-has-block-data="false"> <ol class="list-number1"> <li class="ace-line ace-line old-record-id-EOxSdCSyfoCPjFxoQ38lE5sMg6e" data-list="number"> <div>Lead the architecture and core development of the company’s <strong>end-to-end DevSecOps platform, security products, and SDKs/Agents</strong>, covering code, build, artifacts, images, deployment, and runtime security.</div> </li> <li class="ace-line ace-line old-record-id-LUgxdb6eeopsBlxBnkSls2VZgPg" data-list="number"> <div>Own the design and development of <strong>RASP / Java Agent runtime protection</strong>, leveraging <strong>ASM, ByteBuddy, and Java Instrumentation</strong> for bytecode enhancement, runtime hooks, detection and blocking engines, while continuously improving performance, stability, and compatibility.</div> </li> <li class="ace-line ace-line old-record-id-QhzgdTHVmot5Rvxz7K3lDcUKgsH" data-list="number"> <div>Build and integrate <strong>SAST, DAST, IAST, SCA, code security scanning, and image security scanning</strong> into CI/CD workflows, and drive deep integration of tools such as <strong>SonarQube</strong><strong> and Coverity</strong> to form a closed loop of scanning, gating, remediation, and re-validation.</div> </li> <li class="ace-line ace-line old-record-id-Xj3ydS6QSo1Slvx60g0lHpt2gpg" data-list="number"> <div>Drive core application security protection and offensive/defensive capabilities across scenarios such as <strong>XSS, </strong><strong>SQL</strong><strong> injection, SSRF, deserialization, command execution, authentication/authorization flaws, privilege escalation, and API security</strong>.</div> </li> <li class="ace-line ace-line old-record-id-GPdOdsV97oFEK5xg1HilPywZgFf" data-list="number"> <div>Advance <strong>AI-Native Security Engineering</strong> by applying <strong>LLMs and AI Agents</strong> to vulnerability analysis, rule generation, false-positive reduction, remediation suggestions, security knowledge management, and workflow automation, while building deep understanding of their architecture, principles, and security implications.</div> </li> <li class="ace-line ace-line old-record-id-DHfddf98oopnOnxTXqDl3I1dgtz" data-list="number"> <div>Partner closely with business engineering teams to drive security standards, integration rules, quality gates, risk classification, remediation workflows, and overall security governance adoption.</div> </li> <li class="ace-line ace-line old-record-id-Sdlod9VVioFbipxfydalcOALggh" data-list="number"> <div>Collaborate with engineering, architecture, operations, QA, and business stakeholders to solve complex security problems and turn them into scalable product capabilities, engineering solutions, and governance mechanisms.</div> </li> </ol> </div> <p> </p> <h2 class="heading-2 ace-line old-record-id-doxusWnZPeJsdMU53QGew90VQeh"><strong>What We Look For In You </strong></h2> <div data-page-id="AiPQdXfdFoecDex1OG7lJgYoghb" data-lark-html-role="root" data-docx-has-block-data="false"> <ol class="list-number1"> <li class="ace-line ace-line old-record-id-BJ6ddZ6SIotYFVxk1b1lDsCygFh" data-list="number"> <div>Strong fundamentals in computer science and security, with deep understanding of <strong>operating systems, networking, compilers/</strong><strong>JVM</strong><strong> internals, distributed systems, application security, cloud-native security, and software supply chain security</strong>, with both <strong>breadth and depth</strong> in security technologies.</div> </li> <li class="ace-line ace-line old-record-id-EonrdtQqNof7KaxXf8DlFcHHgjc" data-list="number"> <div><strong>Expert-level Java proficiency</strong>, especially in <strong>JVM</strong><strong> internals, </strong><strong>ClassLoader</strong><strong>, Java Agent, ASM, ByteBuddy, bytecode instrumentation, profiling, and performance tuning</strong>; proficient in <strong>Python or Golang</strong> as well.</div> </li> <li class="ace-line ace-line old-record-id-GBotddH8toWoq8xgrnZlF3vdg2d" data-list="number"> <div>Proven hands-on experience with <strong>RASP, SAST, DAST, IAST, SCA, image security, and code security scanning</strong>, with the ability to independently design, integrate, and productionize security capabilities.</div> </li> <li class="ace-line ace-line old-record-id-DALOdOyd4oyHaoxTpfUlCfH2grD" data-list="number"> <div>Strong <strong>offensive and defensive security experience</strong>, with deep understanding of vulnerability root causes, exploitation techniques, detection logic, bypass methods, and remediation strategies in web, API, and microservice environments.</div> </li> <li class="ace-line ace-line old-record-id-PiT0dw5lAoiUH8xwDeNlQXOPg5b" data-list="number"> <div>Strong practical experience with <strong>LLMs and AI Agents</strong>, plus deep understanding of model architecture, agent design, tool invocation, context engineering, evaluation methods, and the impact of AI on both security engineering and attacker capabilities.</div> </li> <li class="ace-line ace-line old-record-id-AjyGdQPbzoIXRvxnrpDlOi5cgXh" data-list="number"> <div>Strong engineering and product mindset, capable of leading the design and implementation of security products, platform modules, and SDKs/Agents while balancing <strong>security effectiveness, performance overhead, integration cost, and operability</strong>.</div> </li> <li class="ace-line ace-line old-record-id-TQ5ud4O5oo9ILaxOHnylnhBng0d" data-list="number"> <div>Strong ownership, communication skills, and cross-functional influence, with a proven ability to drive business teams on security governance, policy adoption, and remediation outcomes.</div> </li> </ol> </div> <p> </p> <h2 class="heading-2 ace-line old-record-id-doxusWnZPeJsdMU53QGew90VQeh"><strong>Preferred Qualifications</strong></h2> <div data-page-id="AiPQdXfdFoecDex1OG7lJgYoghb" data-lark-html-role="root" data-docx-has-block-data="false"> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-Nkskdbsx1oaTtGxtWn8l63Ltg9e" data-list="bullet"> <div>Background from <strong>top-tier Internet companies, cloud providers, or leading cybersecurity vendors</strong>;</div> </li> <li class="ace-line ace-line old-record-id-Y4u1d1lHYoM6Z8x1rl5lGCfggAO" data-list="bullet"> <div>Experience leading <strong>DevSecOps platforms, application security platforms, RASP systems, code scanning platforms, or cloud-native security platforms</strong>;</div> </li> <li class="ace-line ace-line old-record-id-HG02dz51pohzovxR6rZlN3JEg0Y" data-list="bullet"> <div>Strong experience in <strong>security product development, </strong><strong>SDK</strong><strong>/Agent development, vulnerability research, penetration testing, red/blue team exercises, or incident response</strong>;</div> </li> <li class="ace-line ace-line old-record-id-DnUydoAcIo2ognxIEDjlCT1Tgjg" data-list="bullet"> <div>Hands-on experience in <strong>AI + Security</strong> initiatives such as security copilots, intelligent rule generation, automated vulnerability analysis, or remediation recommendation systems.</div> </li> </ul> <p> </p> </div> <h2><strong>Perks & Benefits </strong></h2> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-Gb04dtjtMoHmldxfAjXuI6P4snC" data-list="bullet"> <div>Competitive total compensation package</div> </li> <li class="ace-line ace-line old-record-id-Gb04dtjtMoHmldxfAjXuI6P4snC" data-list="bullet">L&D programs and education subsidy for employees' growth and development</li> <li class="ace-line ace-line old-record-id-doxusfCPfNQIPMLDddcFHLcCJRC" data-list="bullet"> <div>Various team building programs and company events</div> </li> <li class="ace-line ace-line old-record-id-doxusfCPfNQIPMLDddcFHLcCJRC" data-list="bullet">Wellness and meal allowances</li> <li class="ace-line ace-line old-record-id-doxusfCPfNQIPMLDddcFHLcCJRC" data-list="bullet">Comprehensive healthcare schemes for employees and dependants</li> <li class="ace-line ace-line old-record-id-doxusfCPfNQIPMLDddcFHLcCJRC" data-list="bullet">More that we love to tell you along the process!</li> </ul> <p> </p> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div><div class="content-conclusion"><div data-lark-html-role="root"><span class="text-only" data-eleid="18"><span class="text-only"><span class="text-only" data-eleid="6">Notice:<br></span></span></span> <div data-lark-html-role="root"><span class="text-only" data-eleid="26"><span class="text-only">All official </span><span class="text-only text-with-abbreviation text-with-abbreviation-bottomline">OKX</span><span class="text-only"> vacancies are published on this website.</span></span> <span class="text-only" data-eleid="28"><span class="text-only">While roles may appear on selected third-party platforms from time to time, information on other sites may be inaccurate or outdated. </span></span><strong><span class="text-only" data-eleid="29"><span class="text-only">If in doubt, please apply directly through our official careers website.</span></span></strong></div> </div> <div data-lark-html-role="root"><span class="text-only" data-eleid="18"><span class="text-only">Information collected and processed as part of the recruitment process of any job application you choose to submit is subject to </span><span class="text-only text-with-abbreviation text-with-abbreviation-bottomline">OKX</span><span class="text-only">'s </span></span><a class="link rich-text-anchor __anchor-intercept-flag__ text-content-link" href="https://www.okx.com/en-eu/help/okx-candidate-privacy-notice" target="_blank" data-eleid="19" data-lark-is-custom="true" data-lark-link="true">Candidate Privacy Notice</a><span class="text-only" data-eleid="20"><span class="text-only">.</span></span></div></div>