Junior Security Engineer

About OKX

OKX is a leading crypto trading app, and a Web3 ecosystem. Trusted by more than 20 million global customers in over 180 international markets, OKX is known for being the fastest and most reliable crypto trading app of choice for investors and professional traders globally.

Since 2017, OKX has served a global community of people who share a common interest in participating in a new financial system that is designed to be a level playing field for everyone. We strive to educate people on the potential of crypto markets and how to invest Beyond the OKX trading app, our Web3 wallet, known as MetaX, is our latest offering for people looking to explore the world of NFTs and the metaverse while trading GameFi and DeFi tokens.

Responsibilities:

• Responsible for formulating company's security policies, procedures and conducting Security Training for company employees when necessary.
• Responsible for the company's business systems, application components, web and mobile security penetration testing, security audit, threat and risk assessment and provide suitable remediation.
• Responsible for the tracking, analysis and validating of internal, external SRC and cloud security bugs. Provide solutions for remediations.
• Keep updated on knowledge of the IT security industry: including awareness of new or revised security solutions, security standards, trends / best practices, offensive techniques and tools
• Assist in emergency response to cyber security incidents.

Requirements:

• Bachelor degree in computer application, computer network, communication engineering, information security and other related majors
• Have R & D ability, at least proficient in one programming or scripting language php, C, C++, Java or proficient in scripting language Python/Shell/Perl, etc., familiar with Linux operations
• Familiar with mainstream Web attack and defence technologies, including OWASP TOP 10 security risks such as SQL injection, XSS, CSRF, etc
• Familiar with security product tools such as: Nessus, AWVS, Appscan, Burp, webInspect, kali, etc. Web penetration testing, third-party SRC vulnerability platform
• Quick and clear logical thinking, strong language and written expression skills, good communication skills, the ability to learn quickly, analyze and solve problems, and the habit of understanding the principles of things
• Fluency in Chinese (Good to have)