Security Technology Governance EngineerNew

• Security Risk Identification and Assessment:

  • Evaluate the access control mechanisms of enterprise systems from a technical perspective, identifying instances of excessive permissions or control defects.

  • Review cloud platform configurations and security group policies to identify potential security vulnerabilities and design flaws.

  • Assess technical protective measures during the transfer process of key enterprise data, identifying data leakage risk points.

  • Inspect the security configurations of various technical platforms and tools to identify gaps in security policy implementation.

  • Evaluate the effectiveness of endpoint protection technologies, identifying areas where security protection is lacking.

• Technical Governance Plan Design:

  • Design technical remediation plans and best practices based on identified issues.

  • Develop technical optimization pathways for enterprise permission systems based on the principle of least privilege.

  • Formulate technical control strategies for data protection to ensure sensitive data is adequately protected at all stages.

  • Design security auditing and monitoring schemes to ensure risk points are identified and addressed promptly.

  • Assess the applicability of various security technologies and tools, recommending solutions that meet enterprise needs.

• Remediation Promotion and Verification:

  • Work closely with technical teams to effectively implement security remediation measures.

  • Design and conduct technical verification tests to confirm that remediation measures achieve the desired effects.

  • Establish a tracking mechanism for security technological improvements, monitoring the progress and effectiveness of remediations.

  • Regularly review remediated projects to ensure their long-term effectiveness.

  • Summarize the results of security governance to form a report on technological security improvements.

• Education and Experience:

  • Bachelors degree or higher in Computer Science, Information Security, or a related technical field.

  • At least 5 years of experience in security technology or security operations, with clear experience in security governance.

  • Familiarity with the IT environments and security architectures of large enterprises.

• Technical Skills:

  • A solid foundation in security technologies, understanding common security threats and defense mechanisms.

  • Familiarity with cloud security architectures and control mechanisms, with experience using mainstream cloud platforms such as AWS/Alibaba Cloud.

  • Understanding of identity authentication and authorization technologies (such as RBAC, OAuth) and their application in enterprise environments.

  • Knowledge of data security controls, understanding the workings of DLP, encryption, and other technologies.

  • Some programming or scripting capabilities (e.g., Python, Shell), able to analyze and verify security issues.

  • Familiarity with common security tools and their configuration.

• Soft Skills:

  • Excellent problem discovery and analytical skills, able to identify security flaws in complex systems.

  • Good communication skills, able to clearly articulate technical security requirements and drive their implementation.

  • Outstanding project management skills, able to coordinate resources from multiple parties to complete security improvements.

  • Ability to think from other perspectives, balancing security needs with business development requirements.

  • Patience and resilience, able to continuously push forward security improvements.

Information :

• Company : OKX
• Position : Security Technology Governance EngineerNew
• Location : Hong Kong
• Country : HK