Назад
3 дня назад

Senior/Staff Engineer, Security Platform Development (Web3)

Тип работы
fulltime
Грейд
senior
Английский
b2
Страна
Singapore/China
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Senior/Staff Engineer, Security Platform Development (Web3): Developing core security engineering and DevSecOps capabilities with an accent on security product development, platform engineering, and SDK/Agent development. Focus on designing RASP/Java Agent runtime protection, integrating automated security scanning into CI/CD, and advancing AI-Native security engineering using LLMs.

Location: Hong Kong or Singapore. Applicants must have current right to work in Singapore; sponsorship is not provided.

Company

OKX is a leading crypto exchange and developer of OKX Wallet, providing millions of users and institutions access to crypto trading and decentralized applications.

What you will do

  • Lead the architecture and development of the end-to-end DevSecOps platform, security products, and SDKs/Agents.
  • Design and develop RASP / Java Agent runtime protection using ASM, ByteBuddy, and Java Instrumentation for bytecode enhancement and detection engines.
  • Integrate SAST, DAST, IAST, SCA, and image security scanning (e.g., SonarQube, Coverity) into CI/CD workflows.
  • Implement protections against XSS, SQL injection, SSRF, deserialization, and API security vulnerabilities.
  • Develop AI-Native security tools using LLMs and AI Agents for vulnerability analysis, rule generation, and workflow automation.
  • Partner with business engineering teams to implement security standards, quality gates, and governance mechanisms.

Requirements

  • Deep expertise in OS, networking, JVM internals, distributed systems, and cloud-native security.
  • Expert-level Java proficiency, specifically with ClassLoader, Java Agent, ASM, ByteBuddy, and performance tuning.
  • Proficiency in Python or Golang.
  • Proven experience with RASP, SAST, DAST, IAST, and SCA tools in production environments.
  • Strong offensive and defensive security background, including vulnerability root cause analysis and exploitation techniques.
  • Practical experience with LLMs and AI Agents, including model architecture and context engineering.
  • Current right to work in Singapore is required.

Nice to have

  • Background from top-tier Internet companies, cloud providers, or cybersecurity vendors.
  • Experience leading the development of application security or cloud-native security platforms.
  • Experience in vulnerability research, penetration testing, or red/blue team exercises.
  • Hands-on work with AI + Security initiatives like security copilots or automated remediation systems.

Culture & Benefits

  • Competitive total compensation package.
  • L&D programs and education subsidies for professional growth.
  • Wellness and meal allowances.
  • Comprehensive healthcare schemes for employees and their dependants.
  • Various team building programs and company events.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →