Security Technology Governance Engineer

OKX is seeking a Security Technology Governance Engineer to evaluate access control, cloud configurations, and data transfer processes, identifying security vulnerabilities. The role also involves designing remediation plans, conducting verifications, and reporting on technological security improvements.

Overview

Department

Job type

Full time

Compensation

Salary not specified

Location

Singapore, Southeast Asia

Resume Assistance

See how well your resume matches this job role with our AI-powered score. By uploading your resume, you agree to our Terms of Service

Click to upload

or drag and drop

pdf, doc, or docx (max. 10MB)

Ready to apply?

You're one step away - it takes less than a minute to upload your resume

Requirements

Bachelor’s degree or higher in Computer Science, Information Security, or a related technical field.

At least 5 years of experience in security technology or security operations, with clear experience in security governance.

Familiarity with the IT environments and security architectures of large enterprises.

A solid foundation in security technologies, understanding common security threats and defense mechanisms.

Familiarity with cloud security architectures and control mechanisms, with experience using mainstream cloud platforms such as AWS/Alibaba Cloud.

Understanding of identity authentication and authorization technologies (such as RBAC, OAuth) and their application in enterprise environments.

Knowledge of data security controls, understanding the workings of DLP, encryption, and other technologies.

Some programming or scripting capabilities (e.g., Python, Shell), able to analyze and verify security issues.

Familiarity with common security tools and their configuration.

Excellent problem discovery and analytical skills, able to identify security flaws in complex systems.

Good communication skills, able to clearly articulate technical security requirements and drive their implementation.

Outstanding project management skills, able to coordinate resources from multiple parties to complete security improvements.

Ability to think from other perspectives, balancing security needs with business development requirements.

Patience and resilience, able to continuously push forward security improvements.

Responsibilities

Security Risk Identification and Assessment:

Evaluate the access control mechanisms of enterprise systems from a technical perspective, identifying instances of excessive permissions or control defects.

Review cloud platform configurations and security group policies to identify potential security vulnerabilities and design flaws.

Assess technical protective measures during the transfer process of key enterprise data, identifying data leakage risk points.

Inspect the security configurations of various technical platforms and tools to identify gaps in security policy implementation.

Evaluate the effectiveness of endpoint protection technologies, identifying areas where security protection is lacking.

Technical Governance Plan Design:

Design technical remediation plans and best practices based on identified issues.

Develop technical optimization pathways for enterprise permission systems based on the principle of least privilege.

Formulate technical control strategies for data protection to ensure sensitive data is adequately protected at all stages.

Design security auditing and monitoring schemes to ensure risk points are identified and addressed promptly.

Assess the applicability of various security technologies and tools, recommending solutions that meet enterprise needs.

Remediation Promotion and Verification:

Work closely with technical teams to effectively implement security remediation measures.

Design and conduct technical verification tests to confirm that remediation measures achieve the desired effects.

Establish a tracking mechanism for security technological improvements, monitoring the progress and effectiveness of remediations.

Regularly review remediated projects to ensure their long-term effectiveness.

Summarize the results of security governance to form a report on technological security improvements.

Benefits

Competitive total compensation package.

L&D programs and Education subsidy for employees' growth and development.

Various team building programs and company events.

Wellness and meal allowances.

Comprehensive healthcare schemes for employees and dependants.