Security Technology Governance Engineer

OKX • Full-time • Singapore, Singapore • 4d ago

OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa

Who We Are

At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom. OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves. Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er. OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.

About the Team

The Technology Governance team provides security advice and guidance to OKX entities across all coverage areas, including global locations support business growth by working with all teams within the company to help them achieve their goals. This team works closely with compliance and legal teams to interpret global requirements for applying for licensing or any regional requirements, and understanding them.

Main Responsibilities:

Security Risk Identification and Assessment:
- Evaluate the access control mechanisms of enterprise systems from a technical perspective, identifying instances of excessive permissions or control defects.
- Review cloud platform configurations and security group policies to identify potential security vulnerabilities and design flaws.
- Assess technical protective measures during the transfer process of key enterprise data, identifying data leakage risk points.
- Inspect the security configurations of various technical platforms and tools to identify gaps in security policy implementation.
- Evaluate the effectiveness of endpoint protection technologies, identifying areas where security protection is lacking.
Technical Governance Plan Design:
- Design technical remediation plans and best practices based on identified issues.
- Develop technical optimization pathways for enterprise permission systems based on the principle of least privilege.
- Formulate technical control strategies for data protection to ensure sensitive data is adequately protected at all stages.
- Design security auditing and monitoring schemes to ensure risk points are identified and addressed promptly.
- Assess the applicability of various security technologies and tools, recommending solutions that meet enterprise needs.
Remediation Promotion and Verification:
- Work closely with technical teams to effectively implement security remediation measures.
- Design and conduct technical verification tests to confirm that remediation measures achieve the desired effects.
- Establish a tracking mechanism for security technological improvements, monitoring the progress and effectiveness of remediations.
- Regularly review remediated projects to ensure their long-term effectiveness.
- Summarize the results of security governance to form a report on technological security improvements.

Qualifications:

Education and Experience:
- Bachelor’s degree or higher in Computer Science, Information Security, or a related technical field.
- At least 5 years of experience in security technology or security operations, with clear experience in security governance.
- Familiarity with the IT environments and security architectures of large enterprises.
Technical Skills:
- A solid foundation in security technologies, understanding common security threats and defense mechanisms.
- Familiarity with cloud security architectures and control mechanisms, with experience using mainstream cloud platforms such as AWS/Alibaba Cloud.
- Understanding of identity authentication and authorization technologies (such as RBAC, OAuth) and their application in enterprise environments.
- Knowledge of data security controls, understanding the workings of DLP, encryption, and other technologies.
- Some programming or scripting capabilities (e.g., Python, Shell), able to analyze and verify security issues.
- Familiarity with common security tools and their configuration.
Soft Skills:
- Excellent problem discovery and analytical skills, able to identify security flaws in complex systems.
- Good communication skills, able to clearly articulate technical security requirements and drive their implementation.
- Outstanding project management skills, able to coordinate resources from multiple parties to complete security improvements.
- Ability to think from other perspectives, balancing security needs with business development requirements.
- Patience and resilience, able to continuously push forward security improvements.