Get to know Okta
Okta is The World’s Identity Company. We free everyone to safely use any technology, anywhere, on any device or app. Our flexible and neutral products, Okta Platform and Auth0 Platform, provide secure access, authentication, and automation, placing identity at the core of business security and growth.
At Okta, we celebrate a variety of perspectives and experiences. We are looking for lifelong learners and people who can make us better with their unique experiences.
Staff Product Security Engineer
We are looking for a talented Staff Security Engineer to join our Product Security Team and help us enhance our application security program. As a Product Security Engineer, you will contribute to the security of various aspects of Okta's DevSecOps Security posture, implement services, and define processes that mitigate risk in this space.
The ideal candidate has strong Application Security knowledge, alongside hands-on experience with automation through custom code.
Responsibilities
* Architect, implement, and manage DevSecOps tools, automating security checks and embedding SAST, DAST, IaC, and secret scanning into CI/CD pipelines.
* Build and maintain AWS-based secure infrastructure and automation pipelines using EC2, Step Functions, and Lambda, leveraging native security controls.
* Support Engineering through weekly rotations, assisting with triage, prioritisation, and remediation of findings so that vulnerabilities are fixed in a timely manner.
* Develop automation for internal systems to meet Okta-specific requirements for vulnerability identification, tracking, and reporting.
* Drive the definition and refinement of internal processes to accelerate secure software delivery.
* Contribute to security strategy, risk prioritization, and planning to strengthen Okta product security.
Qualifications
* At least 5 years of experience in Application Security, with a strong focus on security automation and building secure systems at scale.
* A deep understanding of modern web application vulnerabilities and remediation techniques (OWASP Top 10, CWE Top 25).
* Proven ability to perform security code reviews in at least one major programming language (Python, Go, Java, or C#).
* Significant software development experience in Python, or a similar language, with a strong interest in learning Python.
* A proven track record of automating and streamlining security processes, including hands‑on experience implementing and managing commercial or open‑source DevSecOps tools and hardening CI/CD pipelines.
Additional Skills
* Knowledge of at least one of AWS, GCP, Azure, etc.
* Experience with CI/CD pipelines, either on‑prem or cloud.
Bachelor’s Degree and Certifications
* Bachelor's degree in Computer Science, Computer Engineering, or equivalent experience.
* Industry certifications related to Application and Network Security are a plus.
At our company, we value collaboration, teamwork, and innovation. This role will report to the Manager of Software Supply Chain Security, and will work closely with other members of the DevSecOps team. We are passionate about what we do and strive to create an inclusive and diverse workplace where everyone can thrive. If you are excited about this opportunity and meet the qualifications listed above, we encourage you to apply. We look forward to hearing from you.
Benefits and Culture
* Amazing Benefits
* Making Social Impact
* Developing Talent and Fostering Connection + Community at Okta
Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and conviction records, consistent with applicable laws.
If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding, please use this Form to request an accommodation.
Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Personnel and Job Candidate Privacy Notice at
Okta The foundation for secure connections between people and technology
Okta is the leading independent provider of identity for the enterprise. The Okta Identity Cloud enables organizations to securely connect the right people to the right technologies at the right time. With over 7,000 pre-built integrations to applications and infrastructure providers, Okta customers can easily and securely use the best technologies for their business. More than 19,300 organizations, including JetBlue, Nordstrom, Slack, T-Mobile, Takeda, Teach for America, and Twilio, trust Okta to help protect the identities of their workforces and customers.