Community

Home >

Jobs >

Graduate Hire 2024/25 - Security Engineer (Technology Governance, Certification & Audit)

Graduate Hire 2024/25 - Security Engineer (Technology Governance, Certification & Audit)

2 Months ago • All levels

About the job

15 skills required for this role

Test your skills to join the top 1% applicants for this job

risk-management

java

principle

npm

github

kubernetes

aws

python

git

linux

cryptography

gulp

team-player

software-development-lifecycle-sdlc

risk-assessment

Job Description

OKX is looking for a Graduate Security Engineer to ensure the security and compliance of their platform. This role will involve organizing audits, handling due diligence requests, identifying security gaps, and designing security controls. Must have strong knowledge of information security principles and risk assessment skills.

Must have:

Information Security
Risk Assessment
Compliance Mindset
Technical Disciplines

Good to have:

Relevant Tech Stack
Cloud-based Linux
Distributed Architecture
Security Frameworks

Perks:

Competitive Compensation
L&D Programs

Not hearing back from companies?

Unlock the secrets to a successful job application and accelerate your journey to your next opportunity.

OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa.

If you are interested in more than one Supernova role, please apply to your first preference. We will still consider you for all opportunities.

Who We Are

At OKX, we believe that the future will be reshaped by Crypto, ultimately contributing to every individual's freedom. OKX began as a crypto exchange giving millions of people access to crypto trading and over time becoming among the largest platforms in the world. In recent years, we have developed one of the most connected Web3 wallets used by millions to access decentralized crypto applications (dApps). OKX is a trusted brand by hundreds of large institutions seeking access to crypto markets on a reliable platform that seamlessly connects with global banking and payments. In the last year, OKX has expanded into new markets including Australia, Brazil, Netherlands, Singapore and Turkey, with plans to launch in the US, Belgium and the UAE.

We are deeply committed to shaping a fairer, more transparent and accessible society through blockchain technology. This is why we publish proof of reserves monthly, and continue to ship new innovative security features.

About OKX Graduate Program (Supernova)

The Supernova Program is a 3-year Career Accelerator Program that aims to fast-track, high performing graduates into technical experts and future leaders mainly in the fields of Product Engineering, Product Management, and Product Design. We firmly believe in the power of the new era. Join us to achieve your narrative around crypto.

As a graduate Security Engineer, you will put in your utmost efforts to ensure security and compliance of the OKX platform with millions of daily active users. You will work cross-functionally with design, product, and other engineering teams to identify and assess security and compliance risks, design and develop advanced security and compliance mechanisms and products, including based on requirements identified in collaboration with risk, compliance or legal teams. This is an opportunity to learn the full security and compliance life cycle of crypto and Web3 platforms and work along with a rapidly growing technology governance team ensuring the leading industry best practices on security and compliance are implemented.

What You’ll Be Doing

Organising, coordinating and facilitating audits by working with the auditors and obtaining evidence for audit requests.Handling due diligence requests and questionnaires received from regulators and other third parties.
Supporting business units in developing and maintaining relevant technology related documentation to support local licensing application and maintenance.
Identifying technology, security and compliance control gaps and coordinating with stakeholders to resolve the gaps. Communicate and bridge the gap between external regulatory or audit requirements and internal stakeholder operations.
Designing security and compliance controls to meet the requirements of best practices in application security, infrastructure security as well as regulatory compliance, and to coordinate with engineers to implement them.
Conducting security and control gap assessments, risk assessments and audits.
Developing and maintaining high-quality technical, security and organizational documentation, including policies, standard operating procedures, standards and guidelines.
Upholding security and technology best practices. Improving efficiency in cross-office/time zone collaboration.
Collaborate with team members and functional stakeholders to meet control requirements to demonstrate organizational security compliance.

What We Look For In You

Bachelors in Computer Science, Information Systems, Technology, Engineering, or related technical disciplines.
Solid knowledge of information security principles, control design, and implementation.
Holistic risk assessment skills to break down complex infrastructural and procedural issues to its basic principles for effective and controllable solutions.
Compliance first mindset. Ability to lead by example for internal and external stakeholders. Highlight organizational best practices and embrace our We Before Me principle.
Analytical with a positive problem-solving mindset, a proactive team player who embodies a growth mindset, flexible, and comfortable in navigating ambiguity with a global mindset. Able to manage multiple concurrent projects of different workloads, timelines and deadlines. Eager to develop in an organization with rapidly maturing technology and security posture.

Nice to Haves

Knowledgeable in the relevant tech stack skillset for the respective specialization - relational databases, OS, networking, encryption and cryptography, identity and access management, change management / SDLC, cloud service architecture.
Familiarity with the cloud-based Linux environment. Knowledgeable in distributed architecture. Understanding of Kubernetes or container orchestration architecture.
Familiarity with Java/Python/Go, and with daily developing tools such as npm, gulp, web-pack, git.
Alibaba Cloud and AWS knowledge and certifications are a strong plus.
Familiarity with information security risk management and compliance frameworks and reporting standards (i.e. ISO 27001, NIST CSF, SOC 2 Common Criteria, CSA STAR) is a strong plus.
Familiarity with security and IT risk certifications from recognized bodies such as ISACA, ISC2, CompTIA, CSA (e.g.: CISA, CISSP, CCSP, CCSK).
Proficiency in speaking, reading and writing in both English and Mandarin to collaborate effectively with global and cross-functional team members.