Job Description

OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX\'s sponsorship of a visaWho We AreAt OKX, we believe the future will be reshaped by technology. Founded in 2017, we are revolutionising world systems through our cutting-edge digital asset exchange, Web3 portal and blockchain ecosystems. We reshape the financial ecosystem by offering some of the most diverse and sophisticated products, solutions, and trading tools on the market. Trusted by more than 50 million users in over 180 countries globally, OKX empowers every individual to explore the world of Web3. With our extensive range of products and services, and unwavering commitment to innovation, OKX envisions a world of financial access backed by blockchain and the power of decentralized finance.We are innovative in the way we think, work, and in the products we create. We are also socially responsible by actively participating and encouraging employees to take part in various public welfare activities. With more than 3,000 employees around the world, we believe embracing diversity and inclusion will spark the creation of long-term value for the industry. Come Build the Future with Us now!What You\'ll Be DoingConduct and manage Static Application Security Testing (SAST) to identify security vulnerabilities in the code.Develop and maintain SAST scan rules, particularly using Fortify and CodeQL.Perform comprehensive code audits to ensure code security and compliance.Reproduce vulnerabilities identified by SAST in complex environments, especially in microservices scenarios.Collaborate with development and operations teams to integrate security practices into the DevSecOps pipeline.Provide technical guidance and support to team members regarding security best practices.What We Look For In YouMinimum of 5 years of experience in DevSecOps or related fields.Proficient in the principles and practices of SAST.Extensive experience in code auditing and development of scan rules using Fortify and CodeQL.Strong understanding of microservices in Java and Golang.Knowledge of service link tracing technologies.Ability to reproduce and address complex vulnerabilities identified by SAST.Solid development skills in Java and/or Golang.Excellent problem-solving skills and attention to detail.Strong communication and teamwork skills.Preferred QualificationsExperience with other security testing tools and methodologies.Certifications in relevant security disciplines.Familiarity with cloud-native architectures and containerization technologies like Docker and Kubernetes.Perks & BenefitsCompetitive total compensation package L&D programs and Education subsidy for employees\' growth and developmentVarious team building programs and company eventsWellness and meal allowancesComprehensive healthcare schemes for employees and dependantsMore that we love to tell you along the process!

OKX