Senior/Staff Engineer, Security Platform Development

OKX · Remote / APAC

Sector
Fintech
Function
Product & Engineering
Level
Mid-Level
Posted
2026-07-06
Source
greenhouse
Remote
Yes

OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa.

Who We Are

At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.

OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.

Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.

OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.

About The Opportunity

As a Technical Expert, you will lead the development of the company’s core security engineering and DevSecOps capabilities, with a strong focus on security product development, platform engineering, and SDK/Agent development. The ideal candidate should demonstrate deep security expertise, broad technical coverage, strong hands-on engineering capability, and exceptional influence in driving security governance across business teams.

What You’ll Be Doing

Lead the architecture and core development of the company’s end-to-end DevSecOps platform, security products, and SDKs/Agents, covering code, build, artifacts, images, deployment, and runtime security.

Own the design and development of RASP / Java Agent runtime protection, leveraging ASM, ByteBuddy, and Java Instrumentation for bytecode enhancement, runtime hooks, detection and blocking engines, while continuously improving performance, stability, and compatibility.

Build and integrate SAST, DAST, IAST, SCA, code security scanning, and image security scanning into CI/CD workflows, and drive deep integration of tools such as SonarQube and Coverity to form a closed loop of scanning, gating, remediation, and re-validation.

Drive core application security protection and offensive/defensive capabilities across scenarios such as XSS, SQL injection, SSRF, deserialization, command execution, authentication/authorization flaws, privilege escalation, and API security.

Advance AI-Native Security Engineering by applying LLMs and AI Agents to vulnerability analysis, rule generation, false-positive reduction, remediation suggestions, security knowledge management, and workflow automation, while building deep understanding of their architecture, principles, and security implications.

Partner closely with business engineering teams to drive security standards, integration rules, quality gates, risk classification, remediation workflows, and overall security governance adoption.

Collaborate with engineering, architecture, operations, QA, and business stakeholders to solve complex security problems and turn them into scalable product capabilities, engineering solutions, and governance mechanisms.

What We Look For In You

Strong fundamentals in computer science and security, with deep understanding of operating systems, networking, compilers/JVM internals, distributed systems, application security, cloud-native security, and software supply chain security, with both breadth and depth in security technologies.

Expert-level Java proficiency, especially in JVM internals, ClassLoader, Java Agent, ASM, ByteBuddy, bytecode instrumentation, profiling, and performance tuning; proficient in Python or Golang as well.

Proven hands-on experience with RASP, SAST, DAST, IAST, SCA, image security, and code security scanning, with the ability to independently design, integrate, and productionize security capabilities.

Strong offensive and defensive security experience, with deep understanding of vulnerability root causes, exploitation techniques, detection logic, bypass methods, and remediation strategies in web, API, and microservice environments.

Strong practical experience with LLMs and AI Agents, plus deep understanding of model architecture, agent design, tool invocation, context engineering, evaluation methods, and the impact of AI on both security engineering and attacker capabilities.

Strong engineering and product mindset, capable of leading the design and implementation of security products, platform modules, and SDKs/Agents while balancing security effectiveness, performance overhead, integration cost, and operability.

Strong ownership, communication skills, and cross-functional influence, with a proven ability to drive business teams on security governance, policy adoption, and remediation outcomes.

Preferred Qualifications

Background from top-tier Internet companies, cloud providers, or leading cybersecurity vendors;

Experience leading DevSecOps platforms, application security platforms, RASP systems, code scanning platforms, or cloud-native security platforms;

Strong experience in security product development, SDK/Agent development, vulnerability research, penetration testing, red/blue team exercises, or incident response;

Hands-on experience in AI + Security initiatives such as security copilots, intelligent rule generation, automated vulnerability analysis, or remediation recommendation systems.

Perks & Benefits

Competitive total compensation package

L&D programs and education subsidy for employees' growth and development

Various team building programs and company events

Wellness and meal allowances Comprehensive healthcare schemes for employees and dependants More that we love to tell you along the process!

Notice: All official OKX vacancies are published on this website. While roles may appear on selected third-party platforms from time to time, information on other sites may be inaccurate or outdated. If in doubt, please apply directly through our official careers website.

Information collected and processed as part of the recruitment process of any job application you choose to submit is subject to OKX's Candidate Privacy Notice.

Apply on greenhouse →
Fintech Product & Engineering