Job Application for Expert Application Security Engineer at OKX

About OKX:

Founded in 2017, OKX is one of the world’s leading cryptocurrency spot and derivatives exchanges. OKX innovatively adopted blockchain technology to reshape the financial ecosystem by offering some of the most diverse and sophisticated products, solutions, and trading tools on the market. Trusted by more than 20 million users in over 180 regions globally, OKX strives to provide an engaging platform that empowers every individual to explore the world of crypto. In addition to its world-class DeFi exchange, OKX serves its users with OKX Insights, a research arm that is at the cutting edge of the latest trends in the cryptocurrency industry. With its extensive range of crypto products and services and unwavering commitment to innovation, OKX’s vision is a world of financial access backed by blockchain and the power of decentralized finance.

Responsibilities:

Identify and address security vulnerabilities in code, systems, and networks using manual review, automated tools, and threat modeling.
Manage and optimize application security tools, processes, and alerts.
Validate and respond to Bug Bounty submissions.
Stay informed on the latest offensive security techniques, application security threats, and best practices, and suggest improvements to enhance our security posture.
Produce detailed reports of your findings, present them to both management and technical teams, and contribute to preventing real-world attacks.
Collaborate with development teams to implement secure coding practices.
Work alongside other teams, including operations and compliance, to ensure that security is a consistent priority across the organization.
Participate in incident response and management activities.

Qualifications:

3+ years of experience in offensive security techniques.
In-depth understanding of security risks, vulnerabilities, and concepts in web and mobile applications.
Proficient in code review, particularly with Kotlin/Swift/Typescript/JavaScript, with a strong grasp of application security threats.
Ability to create proof-of-concepts (PoCs) to demonstrate vulnerabilities, review patch code for adherence to standards, and collaborate with repository owners and maintainers.
Strong analytical and problem-solving abilities.
Excellent verbal and written communication skills.

Nice-to-have:

Prior experience in developing mobile security SDKs with a daily active user base of over ten million is preferred.
Participated in large-scale business risk control projects, or have practical experience in threat intelligence/business risk prevention, and analysis/countermeasures against black and gray industries.
In-depth reverse engineering of major apps from first-tier vendors, or other experiences/projects that demonstrate reverse engineering capabilities.
Priority given to candidates who can simultaneously master relevant technologies on multiple platforms.
Proficient in ARM assembly, capable of deep-level countermeasures at the native and application layers.
Have certain capabilities in device fingerprint recognition, able to simulate new devices through methods such as flashing, modification, and application cloning.

Perks & Benefits:

Competitive total compensation package
L&D programs and Education subsidy for employees' growth and development
Various team building programs and company events
More that we love to tell you along the process!

Expert Application Security Engineer

Apply for this job