Okx
Okx5h ago
New

Senior/Staff Engineer, Security Platform Development

Hong KongHong Kong·Hong Kong Sarsenior
OtherStaff Engineer
0 views0 saves0 applied

Quick Summary

Overview

OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa. Who We Are At OKX,

Technical Tools
OtherStaff Engineer
OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa.

At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.
 
OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves. 
 
Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.

OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.
 

About the Role

~1 min read
As a Technical Expert, you will lead the development of the company’s core security engineering and DevSecOps capabilities, with a strong focus on security product development, platform engineering, and SDK/Agent development. The ideal candidate should demonstrate deep security expertise, broad technical coverage, strong hands-on engineering capability, and exceptional influence in driving security governance across business teams.
 

Responsibilities

~2 min read
  1. Lead the architecture and core development of the company’s end-to-end DevSecOps platform, security products, and SDKs/Agents, covering code, build, artifacts, images, deployment, and runtime security.
  2. Own the design and development of RASP / Java Agent runtime protection, leveraging ASM, ByteBuddy, and Java Instrumentation for bytecode enhancement, runtime hooks, detection and blocking engines, while continuously improving performance, stability, and compatibility.
  3. Build and integrate SAST, DAST, IAST, SCA, code security scanning, and image security scanning into CI/CD workflows, and drive deep integration of tools such as SonarQube and Coverity to form a closed loop of scanning, gating, remediation, and re-validation.
  4. Drive core application security protection and offensive/defensive capabilities across scenarios such as XSS, SQL injection, SSRF, deserialization, command execution, authentication/authorization flaws, privilege escalation, and API security.
  5. Advance AI-Native Security Engineering by applying LLMs and AI Agents to vulnerability analysis, rule generation, false-positive reduction, remediation suggestions, security knowledge management, and workflow automation, while building deep understanding of their architecture, principles, and security implications.
  6. Partner closely with business engineering teams to drive security standards, integration rules, quality gates, risk classification, remediation workflows, and overall security governance adoption.
  7. Collaborate with engineering, architecture, operations, QA, and business stakeholders to solve complex security problems and turn them into scalable product capabilities, engineering solutions, and governance mechanisms.

 

  1. Strong fundamentals in computer science and security, with deep understanding of operating systems, networking, compilers/JVM internals, distributed systems, application security, cloud-native security, and software supply chain security, with both breadth and depth in security technologies.
  2. Expert-level Java proficiency, especially in JVM internals, ClassLoader, Java Agent, ASM, ByteBuddy, bytecode instrumentation, profiling, and performance tuning; proficient in Python or Golang as well.
  3. Proven hands-on experience with RASP, SAST, DAST, IAST, SCA, image security, and code security scanning, with the ability to independently design, integrate, and productionize security capabilities.
  4. Strong offensive and defensive security experience, with deep understanding of vulnerability root causes, exploitation techniques, detection logic, bypass methods, and remediation strategies in web, API, and microservice environments.
  5. Strong practical experience with LLMs and AI Agents, plus deep understanding of model architecture, agent design, tool invocation, context engineering, evaluation methods, and the impact of AI on both security engineering and attacker capabilities.
  6. Strong engineering and product mindset, capable of leading the design and implementation of security products, platform modules, and SDKs/Agents while balancing security effectiveness, performance overhead, integration cost, and operability.
  7. Strong ownership, communication skills, and cross-functional influence, with a proven ability to drive business teams on security governance, policy adoption, and remediation outcomes.

 

Requirements

~1 min read
  • Background from top-tier Internet companies, cloud providers, or leading cybersecurity vendors;
  • Experience leading DevSecOps platforms, application security platforms, RASP systems, code scanning platforms, or cloud-native security platforms;
  • Strong experience in security product development, SDK/Agent development, vulnerability research, penetration testing, red/blue team exercises, or incident response;
  • Hands-on experience in AI + Security initiatives such as security copilots, intelligent rule generation, automated vulnerability analysis, or remediation recommendation systems.

 

What We Offer

~1 min read
Competitive total compensation package
L&D programs and education subsidy for employees' growth and development
Various team building programs and company events
Wellness and meal allowances
Comprehensive healthcare schemes for employees and dependants
More that we love to tell you along the process!

Location & Eligibility

Where is the job
Hong Kong Sar, Hong Kong
On-site at the office
Who can apply
HK

Listing Details

Posted
July 6, 2026
First seen
July 6, 2026
Last seen
July 6, 2026

Posting Health

Days active
0
Repost count
0
Trust Level
67%
Scored at
July 6, 2026

Signal breakdown

freshnesssource trustcontent trustemployer trust
Okx
Okx
greenhouse

OKX is a global cryptocurrency exchange and Web3 technology company, offering trading, wallet services, and access to decentralized finance. Founded in 2017, it serves millions of users in over 100 countries.

Employees
5k+
Founded
2017
Domain
okx.com
View company profile
Newsletter

Stay ahead of the market

Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.

A
B
C
D
Join 12,000+ marketers

No spam. Unsubscribe at any time.

OkxSenior/Staff Engineer, Security Platform Development