Security Governance Engineer

Who We Are At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.

OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.

Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.

OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.

Responsibilities

Security Risk Discovery & Assessment

Security Architecture Review

Conduct comprehensive security architecture assessments for new and existing systems using Threat Modeling methodologies to identify structural vulnerabilities before they go live.

AI & MCP Security Assessment

Evaluate the security posture of Artificial Intelligence implementations, specifically focusing on

MCP

integrations, LLM interactions, and AI Agent permissions to prevent prompt injection, unauthorized data access, and excessive agency.

Access Control Assessment

Evaluate permission control mechanisms across enterprise systems to identify over-provisioning and control deficiencies.

Cloud Infrastructure Review

Audit cloud platform configurations and overall architecture to detect potential security vulnerabilities.

Data Flow Analysis

Evaluate technical safeguards during critical data flows to uncover leakage risks.

System Review

Conduct comprehensive system security reviews and design robust security hardening solutions. Technical Governance & Solution Design

AI Governance Framework

Design security standards and guardrails for AI adoption, ensuring that MCP servers , AI clients, and data connectors adhere to strict authentication and authorization policies.

Remediation Framework Design

Design technical remediation plans and long-term governance frameworks based on identified issues.

IAM Optimization

Design optimization paths for IAM systems based on the Principle of Least Privilege (PoLP).

Data Protection Strategy

Formulate technical control strategies for sensitive data across its entire lifecycle.

Tool Evaluation

Evaluate and integrate security technologies into the overall security architecture. Remediation Drive & Verification

Cross-Functional Collaboration

Work with technical teams to drive effective implementation of security remediations.

Verification Testing

Design and execute technical verification tests (e.g., penetration testing) to confirm remediation effectiveness.

Tracking Mechanism

Establish a tracking mechanism for security improvements and potential regression risks.

Continuous Review & Reporting

Regularly review projects and consolidate results into strategic reports.

Requirements

Education & Experience Bachelor’s degree or higher in Computer Science, Information Security, or related fields.

5+ years of experience in security technology or operations, with a strong background in security governance and architecture. Familiarity with large-scale enterprise IT environments, multi-cloud/hybrid cloud models, and modern AI technology stacks . Technical Competencies

Architecture & Threat Modeling

Proficiency in performing Security Architecture Reviews and Threat Modeling (e.g., STRIDE, PASTA); ability to dissect complex microservices and distributed systems.

AI Security Knowledge

Deep understanding of AI/

LLM

security risks (e.g., OWASP Top 10 for LLM), including secure design of

MCP

, RAG (Retrieval-Augmented Generation) architectures, and AI Agent sandboxing.

Cloud Security

Proficient in cloud security architecture (AWS, Alibaba Cloud).

IAM Knowledge

Strong understanding of identity protocols (RBAC, OAuth, ABAC) and their integration.

Data Security

Technical knowledge of DLP, encryption, and data masking best practices.

Automation & Tools

Capability in Python/Shell scripting and familiarity with security tools (SIEM, WAF, etc.).

Soft Skills

Analytical Thinking

Outstanding problem discovery skills for both traditional and emerging (AI) systems.

Communication

Ability to articulate technical security requirements to cross-functional teams.

Project Management

Excellent ability to coordinate resources and drive remediation projects.

Business Acumen

Ability to balance security requirements with business innovation.

Drive & Resilience

Proactive, patient, and capable of maintaining efficiency under pressure. Perks & Benefits Competitive total compensation package. L&D programs and Education subsidy for employees' growth and development.

Various team building programs and company events. Wellness and meal allowances. Comprehensive healthcare schemes for employees and dependants .

More that we love to tell you along the process! Please note that Hong Kong is a group-level service hub, and

OKX

does not carry on a business of operating a virtual asset trading platform in Hong Kong.

Notice

All official

OKX

vacancies are published on this website.

While roles may appear on selected third-party platforms from time to time, information on other sites may be inaccurate or outdated.

If in doubt, please apply directly through our official careers website. Information collected and processed as part of the recruitment process of any job application you choose to submit is subject to

OKX

's Candidate Privacy Notice .