Senior/Staff Engineer, Security Platform Development
OKX · Hong Kong, Hong Kong SAR; Singapore, Singapore · staff
OKX · Hong Kong, Hong Kong SAR; Singapore, Singapore · staff
OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa.
At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.
OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.
Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.
OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.
As a Technical Expert, you will lead the development of the company’s core security engineering and DevSecOps capabilities, with a strong focus on security product development, platform engineering, and SDK/Agent development. The ideal candidate should demonstrate deep security expertise, broad technical coverage, strong hands-on engineering capability, and exceptional influence in driving security governance across business teams.
• Lead the architecture and core development of the company’s end-to-end DevSecOps platform, security products, and SDKs/Agents, covering code, build, artifacts, images, deployment, and runtime security.
• Own the design and development of RASP / Java Agent runtime protection, leveraging ASM, ByteBuddy, and Java Instrumentation for bytecode enhancement, runtime hooks, detection and blocking engines, while continuously improving performance, stability, and compatibility.
• Build and integrate SAST, DAST, IAST, SCA, code security scanning, and image security scanning into CI/CD workflows, and drive deep integration of tools such as SonarQube and Coverity to form a closed loop of scanning, gating, remediation, and re-validation.
• Drive core application security protection and offensive/defensive capabilities across scenarios such as XSS, SQL injection, SSRF, deserialization, command execution, authentication/authorization flaws, privilege escalation, and API security.
sourced from the original posting ↗ · always verify details there before applying
OKX · Hong Kong, Hong Kong SAR; Singapore, Singapore
OKX · Hong Kong, Hong Kong SAR