Principal Security Operation Engineer

About UsEstablished in March 2018, Bybit is one of the fastest growing cryptocurrency derivatives exchanges, with more than 70 million registered users. We offer a professional platform where crypto traders can find an ultra-fast matching engine, excellent customer service and multilingual community support. We provide innovative online spot and derivatives trading services, mining and staking products, as well as API support, to retail and institutional clients around the world, and strive to be the most reliable exchange for the emerging digital asset class. Our core values define us. We listen, care, and improve to create a faster, fairer, and more humane trading environment for our users. Our innovative, highly advanced, user-friendly platform has been designed from the ground-up using best-in-class infrastructure to provide our users with the industry's safest, fastest, fairest, and most transparent trading experience. Built on customer-centric values, we endeavour to provide a professional, 24/7 multi-language customer support to help in a timely manner. As of today, Bybit is one of the most trusted, reliable, and transparent cryptocurrency derivatives platforms in the space.

Job responsibilities Red-blue confrontation drill

Responsible for developing and executing penetration testing, red-blue confrontation, and practical attack and defense drills that simulate real attack scenarios, identifying potential security risks in enterprise networks, applications, cloud environments, work networks, and core business systems.

Lead or participate in red-blue confrontation exercises to evaluate the defense team's ability in attack detection, alarm analysis, traceability analysis, emergency response, and recovery.

Based on the real attack chain design exercise scenario, covering extranet breakthrough, web vulnerability exploitation, phishing entrance, privilege escalation, lateral movement, Data Discovery, privilege maintenance, and defense bypass stages.

Combining the attack review results, promote the continuous optimization of security detection rules, response processes, asset governance, and security base lines.

Attack Surface Analysis and Threat Research

Identify enterprise network exposure, internet assets, cloud assets, APIs, supply chain components, and third-party access risks, evaluate attack paths, and provide mitigation recommendations.

Monitor and collect threat intelligence, track vulnerability exploitation trends, APT attack methods, red team toolchain changes, and apply them to enterprise attack and defense exercises.

Combining business scenarios to model attack paths and discover feasible attack chains from external exposure surfaces to core assets.

Tracking AI-related security risks, including security issues in large-scale model applications, RAG systems, Agent systems, plug-in/tool calls, MCP services, AI code generation, and automated workflows.

AI Security and Large Model Attack and Defense

Responsible for the security evaluation of AI applications, intelligent agent systems, RAG Knowledge Base, AI Agent toolchain, and model services within the enterprise.

Research and verify large-scale model-related attack techniques, including Prompt Injection, Jailbreak, Indirect Prompt Injection, data leakage, unauthorized tool invocation, security risks caused by model illusions, RAG poisoning, vector library pollution, sensitive information leakage, etc.

Design AI red team test cases and evaluation framework, and conduct security verification on model input and output, context isolation, permission control, tool call chain, and data access boundary.

Participate in the construction of AI security protection plan, including prompt word security policy, content security detection, tool call permission constraints, sensitive data desensitization, audit tracking, Agent sandbox isolation and security evaluation benchmark construction.

Explore the application of AI in red team automation, vulnerability analysis, attack path planning, PoC verification, and report generation, and promote the platformization, automation, and intelligence of attack and defense capabilities.

Tool and platform development

Develop and optimize Red Team-specific tools and scripts for vulnerability mining, information collection, privilege escalation, lateral movement, credential analysis, traffic disguise, defense bypass, and automated report generation.

Research and validate new attack techniques, and simulate real threats in combination with enterprise business scenarios.

Build or participate in the construction of automated security evaluation platform, integrated vulnerability scanning, audio fingerprint recognition, asset mapping, PoC verification, attack path analysis, AI Agent arrangement and other capabilities.

Combining LLM/Agent technology to explore automated penetration testing, intelligent vulnerability verification, code security auditing, and red team task scheduling.

Security evaluation and reporting

Conduct security evaluations on critical business systems, internal networks, cloud environments, work end points, API services, and AI applications, and output detailed technical reports, attack paths, impact analysis, and repair recommendations.

Output AI security evaluation reports for AI applications, including attack examples, risk levels, exploitable paths, data leakage risks, permission boundary issues, and governance recommendations.

Assist in improving enterprise security protection mechanisms, promote optimization of WAF, EDR, SIEM, NDR, HIDS, zero trust, identity permissions, and log auditing capabilities.

Transform attack and defense discovery into security detection rules, base line specifications, develop security requirements, and continuous governance mechanisms.

XFN collaboration

Collaborate with the blue team, security operation, infrastructure, R & D, algorithm, data, and business teams to complete attack review, vulnerability repair, detection rule optimization, and security capability building.

Provide security support to other departments of the enterprise, including emergency response drills, development security consulting, AI application pre-launch security review, and security training.

Participate in the security design review of AI applications and security products, and promote the advance of security capabilities in R & D, testing, and Pushonline.

Job requirements Basic skills

Proficient in basic knowledge of cyber security, including TCP/IP protocol, network architecture, identity authentication, access control, principles and configurations of common security devices.

Proficient in common attack techniques and red team toolchains, such as Sliver, Cobalt Strike, NPS, Burp Suite, Metasploit, Nmap, Masscan, Frida, Impacket, etc.

Familiar with mainstream operating systems Windows, Linux, macOS security mechanism, log system, permission model and common use.

Familiar with common web frameworks, API architectures, microservice structures, containers, and security risks in Kubernetes environments.

Offensive and defensive technical capabilities

Proficient in penetration testing and red team processes, including information collection, vulnerability scanning, vulnerability exploitation, intranet penetration, privilege escalation, lateral movement, privilege maintenance, Data Discovery, and trace cleaning.

Familiar with the working principles and adversarial methods of enterprise-level security products, including WAF, EDR, SIEM, NDR, HIDS, zero-trust gateway, bastion host, and identity authentication system.

Possess independent vulnerability analysis and PoC writing capabilities, able to reproduce, verify, and assess the impact of public vulnerabilities and 0day/1day risks.

Proficient in one or more programming/scripting languages, such as Python, Go, Bash, PowerShell, JavaScript, etc., with experience in tool development and automation platform construction.

AI security capabilities

Familiar with the basic architecture of large-scale model applications, familiar with technical forms such as Prompt, RAG, Embedding, vector databases, Agent, Function Calling, MCP, plugin systems, etc.

Understand or practice AI security testing methods, including Prompt Injection, Jailbreak, RAG data poisoning, sensitive information leakage, unauthorized tool invocation, model output security, Agent permission escape, etc.

Able to design security test cases for AI applications, evaluate model input/output, context isolation, data boundaries, permission control, and tool invocation chain risks.

Experience in using AI to assist security work, including vulnerability analysis, code auditing, intelligence analysis, attack path planning, report generation, or automated testing.

Familiar with AI application security governance ideas, including model call auditing, prompt word security, sensitive data protection, content security detection, permission minimization, and sandbox isolation.

Experience requirements

More than 5 years of experience in red team, penetration testing, security research, or offensive and defensive exercises.

Candidates with experience in large-scale enterprise attack and defense drills, red-blue confrontation, HW/major support, cloud attack and defense, or intranet penetration are preferred.

Candidates with experience in AI security, large-scale model security, intelligent agent security, automated penetration testing platform or security tool platform construction are preferred.

Familiar with enterprise security construction system, able to promote defense capability, detection capability, and governance process optimization from an attack perspective.

Other capabilities

Priority will be given to those who hold security-related certifications such as ♀ P, OSCE, CISSP, CISP, CEH, CISSP, CCSP, etc.

Possess strong document writing and expression abilities, able to output high-quality technical reports, review documents, attack chain analysis, and security construction plans.

Possess good problem analysis ability, learning ability, teamwork ability, and stress resistance.

Be sensitive to new technologies, new Attack Surfaces, and new tools, and be able to proactively research and share internally.

Bonus points

Familiar with Cloud Computing Platform security and cloud attack and defense technologies, such as AWS, Azure, GCP, Tencent Cloud, Alibaba Cloud, etc.

Familiar with Kubernetes, containers, Service Mesh, CI/CD, DevSecOps and supply chain security.

Possess experience in zero trust, secure operation, threat hunting, Attack Surface management, and vulnerability management platform construction.

Familiar with MCP Server, AI Agent framework, RAG system, vector database, LLM API gateway, model security evaluation framework.

Experience in Automated Red Team, AI Penetration Testing, Intelligent Vulnerability Verification, Agent Orchestration, Security Knowledge Base or Security RAG System Construction.

Experience in vulnerability submission, CVE, technical articles, open source projects, topic sharing, or tool release in the security community.

Familiar with security frameworks such as MITRE ATT & CK, OWASP Top 10, OWASP LLM Top 10, NIST AI RMF, etc.

Why Join UsAt Bybit, we are committed to fostering a supportive and enriching work environment. Our benefits include:- Study Growth Fund: We support your professional development and continuous learning.- Internal Events: Participate in regular team-building activities, workshops, and events designed to promote collaboration and innovation.- Global Collaboration: Be part of a diverse, international team, working alongside colleagues from around the world.- Career Advancement: Access opportunities for growth and advancement within a rapidly expanding global company.- Internal Mobility: Grow with us- Your long-term development is important to us. We offer internal job opportunities to help build your career path.