Who We Are
At OKX, we believe that the future will be reshaped by Crypto, ultimately contributing to every individual's freedom.
OKX began as a crypto exchange giving millions of people access to crypto trading and over time becoming among the largest platforms in the world. In recent years, we have developed one of the most connected Web3 wallets used by millions to access decentralized crypto applications (dApps).
OKX is a trusted brand by hundreds of large institutions seeking access to crypto markets on a reliable platform that seamlessly connects with global banking and payments. In the last year, OKX has expanded into new markets including Australia, Brazil, Netherlands, Singapore and Turkey, with plans to launch in the US, Belgium and the UAE.
We are deeply committed to shaping a fairer, more transparent and accessible society through blockchain technology. This is why we publish proof of reserves monthly, and continue to ship new innovative security features.
About the Opportunity
This role offers the opportunity to lead vulnerability management efforts from a security and compliance perspective, ensuring a complete governance lifecycle. You will analyze the scope and priority of vulnerabilities, develop scanning and suppression rules for SAST, DAST, and IAST, and contribute to the accuracy and efficiency of detection processes. In complex scenarios, you will reproduce vulnerabilities and establish standardized SOPs for vulnerability handling and secure coding practices. Additionally, you will focus on governing existing business operations to enhance overall security capabilities and ensure sustainable improvements.
What You’ll Be Doing
-
Govern security vulnerabilities discovered by SAST and DAST, complete the remediation process, and enhance overall enterprise security.
-
Integrate security requirements based on business scenarios, optimize vulnerability scanning and remediation processes, and improve handling efficiency.
-
Reproduce vulnerabilities in complex environments and optimize various SOPs for vulnerability handling and secure coding practices to ensure successful implementation.
-
Develop and maintain scanning rules and suppression rules for SAST, DAST, and IAST, including but not limited to Fortify, CodeQL, Xray, AWVS, etc.
-
Perform comprehensive code audits to improve vulnerability coverage, accuracy, and ensure code security and compliance.
-
Provide technical guidance and support to team members on security best practices.
What We Look For In You
-
Minimum 5 years of experience in DevSecOps or related fields.
-
Proficient in the principles and practices of SAST, DAST, and IAST.
-
Extensive experience using various scanning engines for code auditing and developing scanning rules.
-
Deep understanding of microservices architecture, with familiarity in reproducing vulnerabilities in microservice and RPC environments.
-
Knowledge of service chain tracking technologies.
-
Able to reproduce and resolve complex environment vulnerabilities identified by SAST, DAST, and IAST.
-
Strong development skills in Java and/or Golang.
-
Excellent problem-solving abilities and attention to detail.
-
Strong communication and teamwork skills.
Nice to Haves
-
Familiarity with application layer and cloud-native architecture, as well as related security governance.
-
Relevant security certifications.
-
Experience developing open-source security tools or involvement in the development and optimization of vulnerability scanning engines and governance platforms.
-
Familiarity with common web application architectures and their security vulnerabilities, with solid experience in vulnerability reproduction and remediation.
Perks & Benefits
-
Competitive total compensation package
-
L&D programs and Education subsidy for employees' growth and development
-
Various team building programs and company events
-
Wellness and meal allowances
-
Comprehensive healthcare schemes for employees and dependants
-
More that we love to tell you along the process!