Okx4h ago
New
New
Senior/Staff Engineer, Security Platform Development
OtherStaff Engineer
0 views0 saves0 applied
Quick Summary
Overview
OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa. Who We Are At OKX,
Technical Tools
OtherStaff Engineer
OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa.
At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.
OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.
Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.
OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.
About the Role
~1 min readAs a Technical Expert, you will lead the development of the company’s core security engineering and DevSecOps capabilities, with a strong focus on security product development, platform engineering, and SDK/Agent development. The ideal candidate should demonstrate deep security expertise, broad technical coverage, strong hands-on engineering capability, and exceptional influence in driving security governance across business teams.
Responsibilities
~2 min read- →
Lead the architecture and core development of the company’s end-to-end DevSecOps platform, security products, and SDKs/Agents, covering code, build, artifacts, images, deployment, and runtime security.
- →
Own the design and development of RASP / Java Agent runtime protection, leveraging ASM, ByteBuddy, and Java Instrumentation for bytecode enhancement, runtime hooks, detection and blocking engines, while continuously improving performance, stability, and compatibility.
- →
Build and integrate SAST, DAST, IAST, SCA, code security scanning, and image security scanning into CI/CD workflows, and drive deep integration of tools such as SonarQube and Coverity to form a closed loop of scanning, gating, remediation, and re-validation.
- →
Drive core application security protection and offensive/defensive capabilities across scenarios such as XSS, SQL injection, SSRF, deserialization, command execution, authentication/authorization flaws, privilege escalation, and API security.
- →
Partner closely with business engineering teams to drive security standards, integration rules, quality gates, risk classification, remediation workflows, and overall security governance adoption.
- →
Collaborate with engineering, architecture, operations, QA, and business stakeholders to solve complex security problems and turn them into scalable product capabilities, engineering solutions, and governance mechanisms.
-
Strong fundamentals in computer science and security, with deep understanding of operating systems, networking, compilers/JVM internals, distributed systems, application security, cloud-native security, and software supply chain security, with both breadth and depth in security technologies.
-
Expert-level Java proficiency, especially in JVM internals, ClassLoader, Java Agent, ASM, ByteBuddy, bytecode instrumentation, profiling, and performance tuning; proficient in Python or Golang as well.
-
Proven hands-on experience with RASP, SAST, DAST, IAST, SCA, image security, and code security scanning, with the ability to independently design, integrate, and productionize security capabilities.
-
Strong offensive and defensive security experience, with deep understanding of vulnerability root causes, exploitation techniques, detection logic, bypass methods, and remediation strategies in web, API, and microservice environments.
-
Strong practical experience with LLMs and AI Agents, plus deep understanding of model architecture, agent design, tool invocation, context engineering, evaluation methods, and the impact of AI on both security engineering and attacker capabilities.
-
Strong engineering and product mindset, capable of leading the design and implementation of security products, platform modules, and SDKs/Agents while balancing security effectiveness, performance overhead, integration cost, and operability.
-
Strong ownership, communication skills, and cross-functional influence, with a proven ability to drive business teams on security governance, policy adoption, and remediation outcomes.
Requirements
~1 min read-
Background from top-tier Internet companies, cloud providers, or leading cybersecurity vendors;
-
Experience leading DevSecOps platforms, application security platforms, RASP systems, code scanning platforms, or cloud-native security platforms;
-
Strong experience in security product development, SDK/Agent development, vulnerability research, penetration testing, red/blue team exercises, or incident response;
-
Hands-on experience in AI + Security initiatives such as security copilots, intelligent rule generation, automated vulnerability analysis, or remediation recommendation systems.
What We Offer
~1 min read✓Competitive total compensation package
✓L&D programs and education subsidy for employees' growth and development
✓Various team building programs and company events
✓Wellness and meal allowances
✓Comprehensive healthcare schemes for employees and dependants
✓More that we love to tell you along the process!
Location & Eligibility
Where is the job
Hong Kong Sar, Hong Kong
On-site at the office
Who can apply
HK
Listing Details
- Posted
- July 6, 2026
- First seen
- July 6, 2026
- Last seen
- July 6, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 67%
- Scored at
- July 6, 2026
Signal breakdown
freshnesssource trustcontent trustemployer trust

Okx
greenhouse
OKX is a global cryptocurrency exchange and Web3 technology company, offering trading, wallet services, and access to decentralized finance. Founded in 2017, it serves millions of users in over 100 countries.
View company profileExternal application · ~5 min on Okx's site
Please let Okx know you found this job on Jobera.
Browse Similar Jobs
Newsletter
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
A
B
C
D
No spam. Unsubscribe at any time.