Product Security Engineer

Who We Are

At OKX, we believe the future will be reshaped by technology. Founded in 2017, we are building the world’s most powerful and reliable crypto trading and Web3 ecosystem. We have created a safe, secure, and transparent environment that empowers millions of people to explore the world of crypto. Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. We are a team of risk-minded problem solvers and passionate builders who are committed to creating a world of financial access for everyone.

About the Opportunity

As a Senior/Staff Security Architect, you will be a critical member of the Product Security team, responsible for ensuring the security and integrity of the OKX platform for millions of global users. You will act as a key technical leader, embedding security into every stage of the product lifecycle. This is a hands-on role where you will work cross-functionally with Product, Engineering, and Design teams to identify and mitigate security risks, from initial concept to deployment and beyond. This is an opportunity to work with a world-class security team to protect the future of finance and Web3.

What You'll Be Doing

• Lead and perform comprehensive security architecture reviews, threat modeling, and risk assessments for new and existing products and services.
• Drive the design, implementation, and continuous improvement of the Secure Software Development Lifecycle (SDLC) across all engineering teams.
• Serve as a subject matter expert and provide hands-on security guidance on secure coding practices, cryptography, and security controls to product and engineering teams.
• Develop and maintain robust security standards, guidelines, and patterns for building secure applications and services.
• Conduct in-depth security design reviews, source code audits, and penetration tests to proactively identify and remediate complex vulnerabilities.
• Mentor and guide junior engineers and developers on security best practices, fostering a culture of security awareness throughout the organization.
• Research emerging threats, vulnerabilities, and attack vectors in the crypto and fintech space to continuously enhance OKX's security posture.

What We Look For In You

• 8 to 12 plus years of relevant experience in a security architecture, product security, or application security role.
• Bachelor's degree or higher in Computer Science, Information Security, or a related field.
• Deep expertise in application security principles (OWASP Top 10), secure architecture design, and threat modeling frameworks (e.g., STRIDE).
• Proven experience in building, deploying, and managing a Secure SDLC program in a fast-paced, agile environment.
• Hands-on experience with security testing tools, including SAST, DAST, IAST, and manual penetration testing techniques.
• Strong knowledge of cloud security (AWS, GCP) and container security (Docker, Kubernetes).
• Excellent communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders.

Nice to Haves

• Experience in the blockchain, cryptocurrency, or fintech industry.
• Proficiency in one or more programming languages such as Go, Rust, Java, or Python.
• Relevant security certifications (e.g., CISSP, CSSLP, GWEB, OSCP).
• Experience contributing to open-source security projects or bug bounty programs.
• Fluency in Mandarin is a plus, as the role may require collaboration with global teams.

Perks & Benefits

• Competitive total compensation package
• L&D programs and education subsidy for your growth and development
• Various team-building programs and company events
• Comprehensive healthcare schemes for employees and their dependents
• Wellness and meal allowances
• More that we'd love to tell you about along the process!

OKX Statement

OKX is committed to equal employment opportunities regardless of race, color, genetic information, creed, religion, sex, sexual orientation, gender identity, lawful alien status, national origin, age, marital status, and non-job related physical or mental disability, or protected veteran status.