Mobile Engineer, Security

About OKX:

Founded in 2017, OKX is one of the world’s leading cryptocurrency spot and derivatives exchanges. OKX innovatively adopted blockchain technology to reshape the financial ecosystem by offering some of the most diverse and sophisticated products, solutions, and trading tools on the market. Trusted by more than 20 million users in over 180 regions globally, OKX strives to provide an engaging platform that empowers every individual to explore the world of crypto. In addition to its world-class DeFi exchange, OKX serves its users with OKX Insights, a research arm that is at the cutting edge of the latest trends in the cryptocurrency industry. With its extensive range of crypto products and services and unwavering commitment to innovation, OKX’s vision is a world of financial access backed by blockchain and the power of decentralized finance.

About the team:

As a mobile software engineer, you will build and maintain a core OKX app with millions of daily active users. You will work cross-functionally with design, product and other engineering teams to identify customer needs, and ship high-quality new features through fast iterations. This is an opportunity to learn the full life cycle of crypto mobile applications including pro/retail trading, asset management and wallet.

• Responsible for reverse engineering the company's apps, analyzing defense weaknesses, and enhancing the company's app security level.
• Develop mobile application security products, including but not limited to app shielding, DEX reinforcement, string obfuscation, anti-tampering, anti-reverse engineering, anti-debugging, and data encryption.
• Research the latest mobile security attack and defense technologies and apply them appropriately to enhance the protection level on both platforms.
• Responsible for building app security scanning platforms and vulnerability metric platforms to support privacy compliance and vulnerability scanning tools.
• Drive risk mitigation and provide necessary technical support to business departments.
• Analyze and track security-related issues reported by users.

• Bachelor's or Master's degree in Computer Science or a related field.
• Over 5 years of experience in mobile security, with good coding skills. Proficient in at least two languages, such as Java, Kotlin, C/C++, Objective-C, Swift, Python, etc.
• Proficient in reverse engineering techniques on Android or iOS platforms, capable of combating common obfuscation, anti-debugging, and jailbreak detection.
• Have certain development capabilities on Android or iOS platforms, able to independently develop PoC to assist in reverse engineering.
• Proficient in using hook frameworks such as Xposed and Frida.
• Excellent communication and coordination skills, strong teamwork spirit, outstanding execution ability, and strong problem analysis and solving abilities.

Nice-to-have:

• Prior experience in developing mobile security SDKs with a daily active user base of over ten million is preferred.
• Participated in large-scale business risk control projects, or have practical experience in threat intelligence/business risk prevention, and analysis/countermeasures against black and gray industries.
• In-depth reverse engineering of major apps from first-tier vendors, or other experiences/projects that demonstrate reverse engineering capabilities.
• Priority given to candidates who can simultaneously master relevant technologies on multiple platforms.
• Proficient in ARM assembly, capable of deep-level countermeasures at the native and application layers.
• Have certain capabilities in device fingerprint recognition, able to simulate new devices through methods such as flashing, modification, and application cloning.

Perks & Benefits:

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• More that we love to tell you along the process!