Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Senior/Staff Engineer, Security Platform Development (Web3): Developing core security engineering and DevSecOps capabilities with an accent on security product development, platform engineering, and SDK/Agent development. Focus on designing RASP/Java Agent runtime protection, integrating automated security scanning into CI/CD, and advancing AI-Native security engineering using LLMs.
Location: Hong Kong or Singapore. Applicants must have current right to work in Singapore; sponsorship is not provided.
Company
OKX is a leading crypto exchange and developer of OKX Wallet, providing millions of users and institutions access to crypto trading and decentralized applications.
What you will do
- Lead the architecture and development of the end-to-end DevSecOps platform, security products, and SDKs/Agents.
- Design and develop RASP / Java Agent runtime protection using ASM, ByteBuddy, and Java Instrumentation for bytecode enhancement and detection engines.
- Integrate SAST, DAST, IAST, SCA, and image security scanning (e.g., SonarQube, Coverity) into CI/CD workflows.
- Implement protections against XSS, SQL injection, SSRF, deserialization, and API security vulnerabilities.
- Develop AI-Native security tools using LLMs and AI Agents for vulnerability analysis, rule generation, and workflow automation.
- Partner with business engineering teams to implement security standards, quality gates, and governance mechanisms.
Requirements
- Deep expertise in OS, networking, JVM internals, distributed systems, and cloud-native security.
- Expert-level Java proficiency, specifically with ClassLoader, Java Agent, ASM, ByteBuddy, and performance tuning.
- Proficiency in Python or Golang.
- Proven experience with RASP, SAST, DAST, IAST, and SCA tools in production environments.
- Strong offensive and defensive security background, including vulnerability root cause analysis and exploitation techniques.
- Practical experience with LLMs and AI Agents, including model architecture and context engineering.
- Current right to work in Singapore is required.
Nice to have
- Background from top-tier Internet companies, cloud providers, or cybersecurity vendors.
- Experience leading the development of application security or cloud-native security platforms.
- Experience in vulnerability research, penetration testing, or red/blue team exercises.
- Hands-on work with AI + Security initiatives like security copilots or automated remediation systems.
Culture & Benefits
- Competitive total compensation package.
- L&D programs and education subsidies for professional growth.
- Wellness and meal allowances.
- Comprehensive healthcare schemes for employees and their dependants.
- Various team building programs and company events.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →