Graduate Hire 2024/25 - Security Engineer (Technology Governance, Governance support)

Who We Are

About OKX Graduate Program (Supernova)

What You’ll Be Doing

• Designing, developing, and maintaining the organization's information security management system across all domains, including but not limited to infrastructure management, application management, data management.
• Designing security and compliance controls to meet the requirements of best practices in application security, infrastructure security as well as regulatory compliance, and to coordinate with engineers to implement them.
• Conducting security and control gap assessments, risk assessments and audits.
• Developing and maintaining high-quality technical, security and organizational documentation, including policies, standard operating procedures, standards and guidelines.
• Upholding security and technology best practices. Improving efficiency in cross-office/time zone collaboration.
• Collaborate with team members and functional stakeholders to meet control requirements to demonstrate organizational security compliance.
• Communicate and bridge the gap between external regulatory or audit requirements and internal stakeholder operations.

What We Look For In You

• Bachelors in Computer Science, Information Systems, Technology, Engineering, or related technical disciplines.
• Solid knowledge of information security principles, control design, and implementation.
• Holistic risk assessment skills to break down complex infrastructural and procedural issues to its basic principles for effective and controllable solutions.
• Compliance first mindset. Ability to lead by example for internal and external stakeholders. Highlight organizational best practices and embrace our We Before Me principle.
• Analytical with a positive problem-solving mindset, a proactive team player who embodies a growth mindset, flexible, and comfortable in navigating ambiguity with a global mindset. Able to manage multiple concurrent projects of different workloads, timelines and deadlines.
• Eager to develop in an organization with rapidly maturing technology and security posture.
• Proficiency in speaking, reading and writing in both English and Mandarin.

Nice to Haves

• Knowledgeable in the relevant tech stack skillset for the respective specialization - relational databases, OS, networking, encryption and cryptography, identity and access management, change management / SDLC, cloud service architecture.
• Familiarity with the cloud-based Linux environment. Knowledgeable in distributed architecture. Understanding of kubernetes or container orchestration architecture.
• Familiarity with Java/Python/Go, and with daily developing tools such as npm, gulp, webpack, git.
• Alibaba Cloud and AWS knowledge and certifications are a strong plus.
• Familiarity with information security risk management and compliance frameworks and reporting standards (i.e. ISO 27001, NIST CSF, SOC 2 Common Criteria, CSA STAR).
• Familiarity with security and IT risk certifications from recognized bodies such as ISACA, ISC2, CompTIA, CSA (e.g.: CISA, CISSP, CCSP, CCSK) is a strong plus.
• Proficiency in Cantonese.

Perks & Benefits

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• Wellness and meal allowances
• Comprehensive healthcare schemes for employees and dependants
• More that we love to tell you along the process!