- 经验
- 任何
- 薪水
- —
- 职位空缺
- 1
- 发布
- 6小时前
- 工作模式
- 在家办公
- 恢复
- 需要申请
职位描述
About the Company
We are one of the earliest and most reputable digital asset platforms globally, serving tens of millions of users worldwide. Consistently recognized among the top exchanges, we offer a wide range of trading and wealth management services across thousands of digital assets. Employing thousands across major financial centers worldwide, we maintain a remote-first, high-autonomy culture that attracts driven talent thriving in dynamic, intellectually challenging environments. Our mission is to build the financial infrastructure for the future internet era.
Role Overview
The landscape of account takeover risks is rapidly evolving, involving social engineering, phishing, deepfake identity bypass, client-side malware, malicious browser extensions, and swift post-takeover fund movements. This position is dedicated to preventing irreversible asset losses by architecting a strategic defense framework that integrates risk policies, AI-driven detection, dynamic verification, and automated response as a robust second-level protection system.
Key Responsibilities
- Develop comprehensive security strategies for accounts and funds throughout the user lifecycle, covering login procedures, API authorization, withdrawals, transfers, and detection of suspicious trading activities.
- Create and implement real-time detection systems along with dynamic step-up verification to combat social engineering, phishing attacks, malware hijacking, browser extensions compromises, and atypical device behaviors.
- Collaborate with algorithm teams to enhance anti-forgery models addressing AI-based face spoofing, identity circumvention, non-human activities, and irregular transaction patterns.
- Establish advanced monitoring and interception protocols to mitigate post-takeover fund movements, focusing on fraudulent matched trading, unusual counterparties, and abnormal price discrepancies.
- Enhance security infrastructure in partnership with product, security engineering, and funding units, incorporating AI agent-based case management and centralized verification features.
Candidate Profile
Mandatory Qualifications:
- Proven experience managing account security, anti-fraud, ATO defense, fund risk, or abuse strategy within a live environment where preventing asset loss was a critical objective.
- Ability to deconstruct attack pathways involving phishing, social engineering, malware hijacking, deepfake evasion, and laundering activities following account takeovers.
- Skilled at utilizing data analytics to scrutinize complex risk indicators drawn from device fingerprints, behavioral traces, transaction records, identity events, and counterparty analysis.
- Expertise in balancing security safeguards with user experience by employing confidence scoring, adaptive challenges, phased interventions, and well-defined escalation protocols.
Preferred Qualifications:
- Experience within crypto exchanges, fintech anti-fraud operations, KYC risk management, account security, or large-scale internet abuse mitigation.
- Collaboration history with algorithm teams on face spoofing detection, anomaly identification, graph risk modelling, or real-time interception technologies.
- Background in developing risk infrastructure featuring verification centers, automated case workflows, or AI-assisted investigative procedures.