OKX

Senior Staff/Principal Security Engineer

full-time

Location Type: Office

Location: San Jose • California • 🇺🇸 United States

Salary

💰 $214,666 - $313,055 per year

Job Level

Senior

Tech Stack

AWS, Cloud, Distributed Systems, Docker, Go, Google Cloud Platform, Java, Kubernetes, Python, Rust, SDLC

About the role

  • Lead the design and development of advanced security testing platforms, including large-scale fuzzing frameworks, symbolic execution engines, and AI-powered validation systems
  • Drive secure architecture reviews and threat modeling for critical infrastructure, APIs, smart contracts, and cloud-native services
  • Champion Secure SDLC practices, embedding advanced static/dynamic analysis into CI/CD pipelines and automating vulnerability discovery
  • Research, prototype, and deploy cutting-edge defense mechanisms (e.g., moving target defense, runtime exploit mitigations, advanced key management systems)
  • Serve as a subject matter expert on cryptography, data protection, and secure protocols, guiding product and engineering teams
  • Perform deep-dive vulnerability research, root cause analysis, and exploitation modeling across diverse platforms (web, mobile, cloud, automotive, blockchain)
  • Mentor senior engineers and collaborate across global teams to establish security-by-design culture
  • Publish findings, contribute to open-source projects, and represent OKX in external security forums when appropriate

Requirements

  • 12+ years of hands-on experience in security engineering, program analysis, or product security roles
  • Strong expertise in fuzzing, hybrid fuzzing, symbolic execution, or automated vulnerability discovery
  • Proven track record designing and deploying security tools at scale (distributed fuzzing clusters, static analysis platforms, runtime validation frameworks)
  • In-depth knowledge of cryptography, secure protocols, data encryption, and key management
  • Solid understanding of application security principles (OWASP, STRIDE, TARA) and exploit techniques
  • Hands-on experience with cloud (AWS/GCP), container security (Docker/Kubernetes), and large-scale distributed systems
  • Proficiency in at least one system-level programming language (Java/C/C++/Rust/Go) and one scripting language (Python/Shell)
  • Strong communication and leadership skills, with experience mentoring teams and influencing cross-functional stakeholders
  • Nice to haves: experience with blockchain, smart contract security, or cryptographic protocols; contributions to academic research, open-source security tools, or bug bounty programs; security certifications (OSCP, OSWE, CSSLP, CISSP); published research papers; fluency in Mandarin is a plus

Benefits

  • Competitive total compensation package
  • Performance bonus and long-term incentives
  • L&D programs and education subsidy for continuous growth
  • Comprehensive healthcare schemes for employees and dependents
  • Wellness and meal allowances
  • Various team-building programs and company events
  • Full range of medical, financial, and/or other benefits, dependent on the position offered

Applicant Tracking System Keywords

Hard skills

fuzzing, symbolic execution, automated vulnerability discovery, cryptography, data encryption, key management, application security principles, system-level programming languages, scripting languages, exploit techniques

Soft skills

communication skills, leadership skills, mentoring, collaboration, influencing stakeholders

Certifications

OSCP, OSWE, CSSLP, CISSP