About this Senior/Staff Engineer, Security Platform Development role at OKX
Who We Are
About The Opportunity
What You’ll Be Doing
-
Lead the architecture and core development of the company’s end-to-end DevSecOps platform, security products, and SDKs/Agents, covering code, build, artifacts, images, deployment, and runtime security.
-
Own the design and development of RASP / Java Agent runtime protection, leveraging ASM, ByteBuddy, and Java Instrumentation for bytecode enhancement, runtime hooks, detection and blocking engines, while continuously improving performance, stability, and compatibility.
-
Build and integrate SAST, DAST, IAST, SCA, code security scanning, and image security scanning into CI/CD workflows, and drive deep integration of tools such as SonarQube and Coverity to form a closed loop of scanning, gating, remediation, and re-validation.
-
Drive core application security protection and offensive/defensive capabilities across scenarios such as XSS, SQL injection, SSRF, deserialization, command execution, authentication/authorization flaws, privilege escalation, and API security.
-
Partner closely with business engineering teams to drive security standards, integration rules, quality gates, risk classification, remediation workflows, and overall security governance adoption.
-
Collaborate with engineering, architecture, operations, QA, and business stakeholders to solve complex security problems and turn them into scalable product capabilities, engineering solutions, and governance mechanisms.
What We Look For In You
-
Strong fundamentals in computer science and security, with deep understanding of operating systems, networking, compilers/JVM internals, distributed systems, application security, cloud-native security, and software supply chain security, with both breadth and depth in security technologies.
-
Expert-level Java proficiency, especially in JVM internals, ClassLoader, Java Agent, ASM, ByteBuddy, bytecode instrumentation, profiling, and performance tuning; proficient in Python or Golang as well.
-
Proven hands-on experience with RASP, SAST, DAST, IAST, SCA, image security, and code security scanning, with the ability to independently design, integrate, and productionize security capabilities.
-
Strong offensive and defensive security experience, with deep understanding of vulnerability root causes, exploitation techniques, detection logic, bypass methods, and remediation strategies in web, API, and microservice environments.
-
Strong practical experience with LLMs and AI Agents, plus deep understanding of model architecture, agent design, tool invocation, context engineering, evaluation methods, and the impact of AI on both security engineering and attacker capabilities.
-
Strong engineering and product mindset, capable of leading the design and implementation of security products, platform modules, and SDKs/Agents while balancing security effectiveness, performance overhead, integration cost, and operability.
-
Strong ownership, communication skills, and cross-functional influence, with a proven ability to drive business teams on security governance, policy adoption, and remediation outcomes.
Preferred Qualifications
-
Background from top-tier Internet companies, cloud providers, or leading cybersecurity vendors;
-
Experience leading DevSecOps platforms, application security platforms, RASP systems, code scanning platforms, or cloud-native security platforms;
-
Strong experience in security product development, SDK/Agent development, vulnerability research, penetration testing, red/blue team exercises, or incident response;
-
Hands-on experience in AI + Security initiatives such as security copilots, intelligent rule generation, automated vulnerability analysis, or remediation recommendation systems.
Perks & Benefits
-
Competitive total compensation package
- L&D programs and education subsidy for employees' growth and development
-
Various team building programs and company events
- Wellness and meal allowances
- Comprehensive healthcare schemes for employees and dependants
- More that we love to tell you along the process!