Hybrid Head of Audit (Infrastructure & Developer Operations) na OKX
OKX · San Jose, Estados Unidos Da América · Hybrid
- Professional
- Escritório em San Jose
Who We Are
About the Opportunity
What You’ll Be Doing
- Lead and manage a global Infrastructure & Developer Operations audit team, including hiring and developing individuals across key regions.
- Drive the execution of global audit programs, specifically assessing the design and operating effectiveness of controls over infrastructure, cloud computing platforms, operating systems, networking, virtualization, containerization, storage systems, DevOps practices, and Secure CI/CD pipelines. This includes a deep dive into the codebase, build, test, and release processes.
- Oversee the independent validation of IT incidents related to infrastructure and development operations, and provide critical audit support for group-wide IT certifications.
- Collaborate effectively with other functional and regional Internal Audit portfolio leads to provide expert infrastructure and DevOps controls testing and assurance for integrated audits.
- Develop and implement advanced audit methodologies tailored to the unique complexities of high-performance, distributed crypto systems, emphasizing the assessment of automated and secure deployments, and ongoing maintenance and management processes.
- Provide strategic audit insights and independent assurance on emerging infrastructure and DevOps risks in the cryptocurrency space to senior leadership and the Audit Committee.
What We Look For In You
- Prior Crypto Exchange/Crypto Product Experience is Essential.
- Strong Critical Thinking and Problem-Solving Skills: Capacity to analyze complex, often novel, technical and control environments unique to crypto, identify intricate root causes of issues, and propose effective, context-specific solutions.
- Fundamental Understanding of Blockchain Technology: Basic knowledge of distributed ledger technologies, consensus mechanisms (e.g., PoW, PoS), cryptography (hashing, public-key), and the lifecycle of a cryptocurrency transaction.
- Data Analytics/SQL for Infrastructure & DevOps Auditing: Expert ability to analyze complex data across the entire technology stack, including CI/CD pipeline logs, git commit history, dependency manifests, configuration management logs, system logs, network flow data, infrastructure-as-code configurations, and cloud provider logs, specifically for audit purposes.
- Infrastructure Auditing: Comprehensive knowledge of IT infrastructure components, with a specialized focus on independently auditing the resilience, scalability, and security of blockchain nodes, low-latency trading systems, and high-availability wallet infrastructure.
- Cloud Computing Platform Auditing: Expert-level auditing of cloud infrastructure (AWS, Azure, GCP) specifically for mission-critical crypto workloads, including container orchestration (Kubernetes), serverless functions, multi-region deployments, and ensuring geo-redundancy for key assets.
- Operating System (OS) Auditing (for Blockchain Nodes & Exchange Servers): Deep dive capability to assess the hardening, patching, kernel configurations, and user access controls for operating systems hosting blockchain nodes, trading engines, and critical exchange services.
- Networking Auditing: Advanced knowledge of networking protocols, DDoS mitigation strategies, and the ability to audit low-latency, high-throughput network architectures essential for competitive crypto exchange operations, including peering arrangements and BGP configurations.
- Virtualization & Containerization Auditing: Expertise in independently auditing virtualized environments and container orchestration platforms (Docker, Kubernetes) specifically for secure isolation of critical workloads, supply chain security for container images, and resource management to prevent denial-of-service.
- Storage System Auditing: Ability to independently assess the security, integrity, availability, and immutability of storage systems (SAN, NAS, object storage) for critical blockchain data, cryptographic keys, and sensitive audit logs.
- DevOps Auditing: Deep understanding of DevOps principles (e.g., build, test, release), automation, and continuous delivery with a focus on independently auditing the security and compliance of rapid, automated deployments in a high-stakes crypto environment (e.g. GitLab, GitHub, etc.)
- Secure Continuous Integration/Continuous Delivery (CI/CD) Auditing: Expertise in independently auditing CI/CD pipelines for integrated security tools (SAST, DAST, SCA), automated security gates, secure artifact management, and robust deployment controls for smart contracts and exchange software. This includes assessing the codebase, build, test, and release processes.
- Automation and Scripting Auditing (for Infrastructure as Code & Smart Contracts): Ability to independently assess the security and integrity of automation scripts (e.g., Python, Go, Shell), Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation), and configuration management tools (e.g., Ansible) used to manage crypto infrastructure.
- Cloud Deployment & Management Auditing (Automated & Secure): Expertise in independently auditing automated cloud provisioning, configuration, and management processes, emphasizing security best practices, least privilege, and immutable infrastructure principles for critical crypto components, as well as ongoing maintenance and management.
- Agile Development Methodologies Auditing: Ability to independently assess the deep integration of security activities and controls within agile development processes, including proactive threat modeling for new features, security champions within development teams, and rigorous peer review for smart contract code.
- Code Review & Secure Coding Practices: Familiarity with secure coding principles for languages commonly used in blockchain development (e.g. Solidity, Rust, Go, Python) and the ability to independently evaluate the effectiveness of code review processes for identifying operational and security flaws.
- Risk Management Principles for Infrastructure & DevOps Auditing: Advanced grasp of risk identification, assessment, mitigation, and monitoring methodologies specifically tailored to the high-stakes, real-time, and often irreversible nature of crypto transactions.
- Knowledge of Specific Regulatory Requirements impacting Infrastructure & DevOps: Understanding of specific regulatory requirements impacting crypto exchanges globally (e.g., anti-money laundering (AML), combating the financing of terrorism (CFT) as per FATF, sanctions compliance, specific licensing requirements for Virtual Asset Service Providers (VASPs)) and how these translate to technical controls relevant to infrastructure and DevOps.
Perks & Benefits
- Competitive total compensation package
- L&D programs and education subsidy for employees' growth and development
- Various team building programs and company events
- Wellness and meal allowances
- Comprehensive healthcare schemes for employees and dependants
- More that we love to tell you along the process!
OKX Statement:
- The salary range for this position is $240,000 - $360,000
- The salary offered depends on a variety of factors, including job-related knowledge, skills, experience, and market location. In addition to the salary, a performance bonus and long-term incentives may be provided as part of the compensation package, as well as a full range of medical, financial, and/or other benefits, dependent on the position offered. Applicants should apply via OKX internal or external careers site.