Principal Security Operation Engineer
About the role
Established in 2018, Bybit is one of the world's leading cryptocurrency exchanges and digital financial platforms, serving over 80 million users across more than 200 countries and regions. Powered by world-class technology and a user-first mindset, Bybit delivers a seamless ecosystem across trading, payments, wealth management, custody, institutional services, and Web3 - connecting users to the future of digital finance. Our core values define how we build. We listen, care and improve to create products and experiences that put users first. Backed by a global team of ambitious builders, problem-solvers, and innovators, we foster a high-performance and fast-moving environment where talent is empowered to drive real impact at the global scale. Supported by 24/7 multilingual customer service and a strong commitment to innovation, we are shaping the future of finance through technology, collaboration, and bold execution. Today, Bybit is recognized as one of the most trusted and transparent platforms in the digital asset industry, continuing to expand its global presence while building the infrastructure for the next generation of financial services.

Job responsibilities

Red-blue confrontation drill

Develop and execute penetration testing, red-blue confrontation, and practical attack and defense drills that simulate real attack scenarios, identifying potential security risks in enterprise networks, applications, cloud environments, work networks, and core business systems.

Lead or participate in red-blue confrontation exercises to evaluate the defense team's ability in attack detection, alert analysis, traceability analysis, emergency response, and recovery.

Design exercise scenarios based on real attack chains, covering the stages of external network breakthrough, web vulnerability exploitation, phishing entry, privilege escalation, lateral movement, data discovery, privilege maintenance, and defense bypass.
Combine attack review results to promote the continuous optimization of security detection rules, response processes, asset governance, and security baselines.

Attack Surface Analysis and Threat Research

Identify enterprise network exposure, internet assets, cloud assets, APIs, supply chain components, and third-party access risks, evaluate attack paths, and provide mitigation recommendations.

Monitor and collect threat intelligence, track vulnerability exploitation trends, APT attack methods, and red team toolchain changes, and apply them to enterprise attack and defense exercises.

Model attack paths in the context of business scenarios and discover feasible attack chains from external exposure surfaces to core assets.

Track AI-related security risks, including security issues in large-scale model applications, RAG systems, Agent systems, plug-in/tool calls, MCP services, AI code generation, and automated workflows.

AI Security and Large Model Attack and Defense

Conduct security evaluation of AI applications, intelligent agent systems, RAG knowledge bases, AI Agent toolchains, and model services within the enterprise.

Research and verify large-scale model-related attack techniques, including Prompt Injection, Jailbreak, Indirect Prompt Injection, data leakage, unauthorized tool invocation, security risks caused by model hallucinations, RAG poisoning, vector library pollution, sensitive information leakage, etc.

Design AI red team test cases and an evaluation framework, and conduct security verification on model input and output, context isolation, permission control, tool call chains, and data access boundaries.

Participate in building the AI security protection plan, including prompt security policy, content security detection, tool call permission constraints, sensitive data desensitization, audit tracking, Agent sandbox isolation, and security evaluation benchmark construction.
Explore the application of AI in red team automation, vulnerability analysis, attack path planning, PoC verification, and report generation, and promote the platformization, automation, and intelligence of attack and defense capabilities.

Tool and platform development

Develop and optimize Red Team-specific tools and scripts for vulnerability mining, information collection, privilege escalation, lateral movement, credential analysis, traffic disguise, defense bypass, and automated report generation.

Research and validate new attack techniques, and simulate real threats in combination with enterprise business scenarios.

Build or participate in the construction of an automated security evaluation platform, integrating vulnerability scanning, audio fingerprint recognition, asset mapping, PoC verification, attack path analysis, AI Agent orchestration, and other capabilities.

Combine LLM/Agent technology to explore automated penetration testing, intelligent vulnerability verification, code security auditing, and red team task scheduling.

Security evaluation and reporting

Conduct securi