Staff Security Engineer

About Okta

Okta is The World’s Identity Company, freeing everyone to safely use any technology, anywhere, on any device or app. With products like Okta Platform and Auth0 Platform, they provide secure access, authentication, and automation, placing identity at the core of business security and growth.

Okta values diverse perspectives and experiences, seeking lifelong learners who can contribute uniquely to their team. Join them in building a world where Identity belongs to you.

The Opportunity: Staff Security Engineer

The Staff Security Engineer plays a crucial role in strengthening Okta's security posture. This position involves performing security assessments of third-party integrations and connected apps, with a strong focus on mitigating API-related security risks. You will be vital in ensuring a "secure-by-design" approach for critical systems within the organization.

What You Will Do

• Lead Technical Security Reviews: Perform in-depth security reviews and threat modeling for complex enterprise applications and third-party integrations.
• Operationalize AI for Security: Lead the deployment and management of AI for Security use cases, such as integration security reviews, to automate and scale security operations.
• Risk Analysis & Documentation: Analyze and document API permissions and risk levels for major integrations (e.g., Salesforce, Slack, Google) to ensure they meet internal standards.
• Develop Workflow Processes: Collaborate with stakeholders to design and implement repeatable security review workflows, such as the Salesforce API Integration Review.
• Vulnerability & Control Gap Mitigation: Identify potential vulnerabilities and security control gaps in connected apps and recommend technical mitigation strategies to stakeholders.
• Report & Visualize Posture: Contribute to and maintain metrics and dashboards that demonstrate the organization's overall security posture for leadership.

What You Bring

• Deep Technical Expertise: Proven experience in information security, specifically within application and enterprise security domains.
• API & Integration Specialist: Strong background in assessing and mitigating risks associated with third-party APIs and connected application ecosystems.
• Advanced Security Principles: Understanding of "secure-by-design" principles and the "least privilege" model.
• Practical Threat Modeling: Hands-on experience identifying attack vectors and conducting risk assessments for complex systems.
• Tooling & AI Proficiency: Experience working with security platforms for analyzing application permissions and an interest or background in applying AI to streamline security tasks.
• Collaborative Influencer: Exceptional communication skills with a track record of aligning multiple teams toward shared security goals.
• Education: A Bachelor's degree in Computer Science, information security, or a related field.

Key skills/competency

• Information Security
• Application Security
• Enterprise Security
• API Security
• Threat Modeling
• Risk Assessment
• AI for Security
• Security Automation
• Secure-by-Design
• Least Privilege Model