Hybrid Head of Audit (Infrastructure & Developer Operations) na OKX
OKX · San Jose, Estados Unidos Da América · Hybrid
- Professional
- Escritório em San Jose
Who We Are
At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.
OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.
Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.
OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.
About the Opportunity
OKX is undertaking a significant global team buildout within its Internal Audit function, and we are looking for an experienced and visionary Head of Infrastructure & Developer Operations Audit. This is a unique opportunity to lead the assessment and assurance of our critical infrastructure and DevOps practices within a leading crypto organization, ensuring the highest levels of resilience, scalability, and security for our global operations. You will build and lead a high-performing audit team, drive strategic assurance initiatives, and directly impact the robust and efficient delivery of innovative crypto products and infrastructure by thoroughly assessing the organization's codebase, build, test, and release processes, as well as technical infrastructure maintenance and management.
What You’ll Be Doing
- Lead and manage a global Infrastructure & Developer Operations audit team, including hiring and developing individuals across key regions.
- Drive the execution of global audit programs, specifically assessing the design and operating effectiveness of controls over infrastructure, cloud computing platforms, operating systems, networking, virtualization, containerization, storage systems, DevOps practices, and Secure CI/CD pipelines. This includes a deep dive into the codebase, build, test, and release processes.
- Oversee the independent validation of IT incidents related to infrastructure and development operations, and provide critical audit support for group-wide IT certifications.
- Collaborate effectively with other functional and regional Internal Audit portfolio leads to provide expert infrastructure and DevOps controls testing and assurance for integrated audits.
- Develop and implement advanced audit methodologies tailored to the unique complexities of high-performance, distributed crypto systems, emphasizing the assessment of automated and secure deployments, and ongoing maintenance and management processes.
- Provide strategic audit insights and independent assurance on emerging infrastructure and DevOps risks in the cryptocurrency space to senior leadership and the Audit Committee.
What We Look For In You
We are seeking a seasoned IT audit professional with demonstrable experience in independently assessing infrastructure and DevOps practices within the crypto exchange or crypto product space. The ideal candidate will possess a deep understanding of resilient and secure infrastructure principles applied to novel technical and control environments, coupled with strong leadership and analytical skills.
Key Qualifications:
- Prior Crypto Exchange/Crypto Product Experience is Essential.
- Strong Critical Thinking and Problem-Solving Skills: Capacity to analyze complex, often novel, technical and control environments unique to crypto, identify intricate root causes of issues, and propose effective, context-specific solutions.
- Fundamental Understanding of Blockchain Technology: Basic knowledge of distributed ledger technologies, consensus mechanisms (e.g., PoW, PoS), cryptography (hashing, public-key), and the lifecycle of a cryptocurrency transaction.
- Data Analytics/SQL for Infrastructure & DevOps Auditing: Expert ability to analyze complex data across the entire technology stack, including CI/CD pipeline logs, git commit history, dependency manifests, configuration management logs, system logs, network flow data, infrastructure-as-code configurations, and cloud provider logs, specifically for audit purposes.
- Infrastructure Auditing: Comprehensive knowledge of IT infrastructure components, with a specialized focus on independently auditing the resilience, scalability, and security of blockchain nodes, low-latency trading systems, and high-availability wallet infrastructure.
- Cloud Computing Platform Auditing: Expert-level auditing of cloud infrastructure (AWS, Azure, GCP) specifically for mission-critical crypto workloads, including container orchestration (Kubernetes), serverless functions, multi-region deployments, and ensuring geo-redundancy for key assets.
- Operating System (OS) Auditing (for Blockchain Nodes & Exchange Servers): Deep dive capability to assess the hardening, patching, kernel configurations, and user access controls for operating systems hosting blockchain nodes, trading engines, and critical exchange services.
- Networking Auditing: Advanced knowledge of networking protocols, DDoS mitigation strategies, and the ability to audit low-latency, high-throughput network architectures essential for competitive crypto exchange operations, including peering arrangements and BGP configurations.
- Virtualization & Containerization Auditing: Expertise in independently auditing virtualized environments and container orchestration platforms (Docker, Kubernetes) specifically for secure isolation of critical workloads, supply chain security for container images, and resource management to prevent denial-of-service.
- Storage System Auditing: Ability to independently assess the security, integrity, availability, and immutability of storage systems (SAN, NAS, object storage) for critical blockchain data, cryptographic keys, and sensitive audit logs.
- DevOps Auditing: Deep understanding of DevOps principles (e.g., build, test, release), automation, and continuous delivery with a focus on independently auditing the security and compliance of rapid, automated deployments in a high-stakes crypto environment (e.g. GitLab, GitHub, etc.)
- Secure Continuous Integration/Continuous Delivery (CI/CD) Auditing: Expertise in independently auditing CI/CD pipelines for integrated security tools (SAST, DAST, SCA), automated security gates, secure artifact management, and robust deployment controls for smart contracts and exchange software. This includes assessing the codebase, build, test, and release processes.
- Automation and Scripting Auditing (for Infrastructure as Code & Smart Contracts): Ability to independently assess the security and integrity of automation scripts (e.g., Python, Go, Shell), Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation), and configuration management tools (e.g., Ansible) used to manage crypto infrastructure.
- Cloud Deployment & Management Auditing (Automated & Secure): Expertise in independently auditing automated cloud provisioning, configuration, and management processes, emphasizing security best practices, least privilege, and immutable infrastructure principles for critical crypto components, as well as ongoing maintenance and management.
- Agile Development Methodologies Auditing: Ability to independently assess the deep integration of security activities and controls within agile development processes, including proactive threat modeling for new features, security champions within development teams, and rigorous peer review for smart contract code.
- Code Review & Secure Coding Practices: Familiarity with secure coding principles for languages commonly used in blockchain development (e.g. Solidity, Rust, Go, Python) and the ability to independently evaluate the effectiveness of code review processes for identifying operational and security flaws.
- Risk Management Principles for Infrastructure & DevOps Auditing: Advanced grasp of risk identification, assessment, mitigation, and monitoring methodologies specifically tailored to the high-stakes, real-time, and often irreversible nature of crypto transactions.
- Knowledge of Specific Regulatory Requirements impacting Infrastructure & DevOps: Understanding of specific regulatory requirements impacting crypto exchanges globally (e.g., anti-money laundering (AML), combating the financing of terrorism (CFT) as per FATF, sanctions compliance, specific licensing requirements for Virtual Asset Service Providers (VASPs)) and how these translate to technical controls relevant to infrastructure and DevOps.
Perks & Benefits
- Competitive total compensation package
- L&D programs and education subsidy for employees' growth and development
- Various team building programs and company events
- Wellness and meal allowances
- Comprehensive healthcare schemes for employees and dependants
- More that we love to tell you along the process!
OKX Statement:
OKX is committed to equal employment opportunities regardless of race, color, genetic information, creed, religion, sex, sexual orientation, gender identity, lawful alien status, national origin, age, marital status, and non-job related physical or mental disability, or protected veteran status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
- The salary range for this position is $240,000 - $360,000
- The salary offered depends on a variety of factors, including job-related knowledge, skills, experience, and market location. In addition to the salary, a performance bonus and long-term incentives may be provided as part of the compensation package, as well as a full range of medical, financial, and/or other benefits, dependent on the position offered. Applicants should apply via OKX internal or external careers site.
