Security Engineer

About OKX

OKX is a leading crypto trading app, and a Web3 ecosystem. Trusted by more than 20 million global customers in over 180 international markets, OKX is known for being the fastest and most reliable crypto trading app of choice for investors and professional traders globally.

Since 2017, OKX has served a global community of people who share a common interest in participating in a new financial system that is designed to be a level playing field for everyone. We strive to educate people on the potential of crypto markets and how to invest Beyond the OKX trading app, our Web3 wallet, known as MetaX, is our latest offering for people looking to explore the world of NFTs and the metaverse while trading GameFi and DeFi tokens.

Responsibilities:

• Performing and supporting cyber incident response operations.
• Conduct penetration testing to identify security vulnerabilities in different environments (Web/ network/mobile application).
• Conduct code reviews and application security tests manually or automatically.
• Keep updated on knowledge of the IT security industry: including awareness of new or revised security solutions, security standards, trends / best practices, offensive techniques and tools
• Assist with the Bug Bounty Program by liaising with external consultants and remediate the findings.
• To conduct security awareness training
• Develop and maintain IT security policy and standards.
• Assist in establishing infrastructure review processes on network and infrastructure operation.
• Assist support for deployment and promotion of security products.

Requirements:

• Degree holder in Computer Science or Masters in Information Systems / Technology
• 2+ years of Information Security experience in the Financial industry/ Tech company
• Familiar with mainstream Web attack and defense technologies, including OWASP TOP 10 security risks such as SQL injection, XSS, CSRF, etc
• Familiar with mainstream security product tools such as: Nessus, AWVS, Appscan, Burp, webInspect, kali, etc. Web penetration testing, third-party SRC vulnerability platform
• Hands on knowledge of Penetration Testing & Vulnerability Assessment
• Experience in cybersecurity operations to include Vulnerability Management, Incident Response
• Familiar with cyber security compliance
• Fluency in Chinese (Good to have)