We are looking for builders and owners who operate with speed and urgency and execute with excellence. This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.

The Okta Security team’s mission is to strengthen Okta’s position as the leading Identity-as-a-Service solution by identifying and resolving risks to the employees, product, and most importantly, our customers. The Security Trust & Culture team works to enhance customer trust in Okta’s identity services . We serve as a strategic resource working closely with Okta’s go-to-market teams.

As a Staff level analyst of Customer Assurance, you will support prioritising and efficiently responding to questions about our security programme and other due diligence related requests. You will act as a critical bridge between our customers and our internal engineering teams, ensuring Okta’s security posture is communicated effectively.

Tasks will include training local Sales teams, managing complex escalations in the regional market, and driving technological changes to help Customer Assurance scale its efforts globally. This position requires a unique combination of skills including an ability to coordinate the analysis of technical issues, to communicate clearly about security-relevant topics with both internal and external customers, to collaborate with internal business units to ensure execution of time-sensitive projects, and to present to upper management or the broader organisation as required.

The ideal candidate will have experience with SaaS cloud security risk assessment and a solid understanding of the core principles of identity management. If you want to make a difference in the security programme of a global cloud provider, we want you on board.

Job Duties and Responsibilities:

Serve as the critical bridge between Okta’s customers and internal Engineering/Product Security teams. You must be able to unpack complex customer security concerns, hold in-depth technical discussions with internal engineering to align on solutions, and translate Okta’s security architecture back to the customer to resolve high-stakes inquiries.

Take end-to-end ownership of highly technical security questionnaires and due-diligence requests, Partner seamlessly with internal subject matter experts,including our specialised Federal/FedRAMP teams,to ensure accurate, timely, and high-quality responses for highly regulated customers.

Drive technological changes within Customer Assurance by identifying and implementing AI and automation strategies to streamline workflows, scale global efforts, and reduce response times.

Train and empower regional Go-To-Market and Sales teams on standard engagement protocols, ensuring they can leverage Customer Assurance resources smoothly to accelerate deals.

Collaborate with the Security Trust & Culture team and Regional CSOs to develop, publish, and maintain forward-facing security collateral, FAQs, and field communications.

Work within a global team, participating or leading global handoffs between American timezones and European or Asian, when required for large security or industry events.

Requirements:

Bachelor’s degree in Computer Science or Management Information Systems, or equivalent work experience in technology or information security fields

Minimum 3 years information security, project management, or related experience

A strong, fundamental understanding of core Security principles, architectures, and operations.

Understanding of IT and cloud methodologies, information security, privacy, identity management, risk assessments and IT regulation and compliance standards

Strong oral, written, and presentation skills

Strong written and verbal communication skills, with a proven ability to distill complex technical concepts into clear, concise responses for both technical customers and internal executive stakeholders.

Helpful Certifications / Skills:

Okta Certified Professional/Administrator

Certificate of Cloud Security Knowledge (CCSK) and/or Certificate of Cloud Auditing Knowledge (CCAK)

Certified Information Security Auditor (CISA)

Experience with generative AI tools or process automation platforms is a strong plus.

Familiarity with Federal or highly regulated compliance frameworks (e.g., FedRAMP, StateRAMP, NIST 800-53, or DoD IL4/IL5)

XML job scraping automation by YubHub

The responsibilities listed below represent the core functions of this role:

• Strategic Audit Leadership: Lead end-to-end FedRAMP and DoD audits, serving as the primary point of contact for external 3PAOs and government agencies.
• Continuous Monitoring Strategy: Oversee and evolve the continuous monitoring (ConMon) program. Design sophisticated reporting mechanisms for vulnerability management and risk posture for executive leadership.
• Engineering Advisory: Act as a senior consultant to Engineering and Product teams, translating complex NIST 800-53 requirements into actionable technical specifications for cloud-native environments.
• Impact Assessment & Risk Management: Lead the assessment of high-impact changes to federal systems. Ensure that system evolutions maintain a rigorous security posture without sacrificing innovation.
• Cross-Functional Alignment: Drive synchronization between GRC, Security, Marketing, Sales, Engineering, and Product to ensure federal requirements are integrated into the broader corporate roadmap.
• Programmatic Gap Analysis: Proactively identify and lead initiatives to close gaps between current capabilities and future regulatory requirements (e.g., emerging NIST standards, new DoD mandates, or IL6 requirements).
• Evidence Automation & FedRAMP 20x Readiness: Drive the build-out and support of automated evidence collection and control validation. Lead the transition toward "FedRAMP 2.0" standards (including OSCAL integration), defining and monitoring Key Security Indicators (KSIs) to provide real-time compliance visibility.

Minimum Required Knowledge, Skills, and Abilities:

• Education: Bachelor’s degree in Computer Science, MIS, Cybersecurity, or a related technical field.
• Experience: 7+ years of experience in security compliance, with at least 4-5 years specifically focused on the FedRAMP/NIST 800-53 framework.
• Automation & Compliance Engineering: Demonstrated experience with automation tools or scripting (e.g., Python, Go, or SQL) for automated evidence collection. Familiarity with API-based control validation and OSCAL-based tooling (e.g., Trestle, LULA, or similar GRC automation frameworks).
• Technical Depth: Deep understanding of cloud-native infrastructure (IaaS, PaaS, SaaS) and how infrastructure components (networking, OS, databases) support a distributed cloud application.
• Framework Mastery: Expert-level knowledge of NIST SP 800-53, FedRAMP High/Moderate, and DoD SRG (IL4, IL5, and familiarity with IL6).
• Operational Knowledge: Proven experience with access management, CI/CD pipelines, disaster recovery, and encryption/key management in a cloud context.
• Analytical Leadership: Ability to analyze complex "edge-case" security scenarios and provide remediation paths that align with both business goals and regulatory requirements.
• Communication: Exceptional presentation skills with the ability to explain technical compliance risks to non-technical executive stakeholders.

Preferred Certifications & Skills:

• Advanced Certifications: CISSP (highly preferred), CISA, or CCSK.
• Cloud Expertise: AWS Certified Solutions Architect or Cloud Practitioner.
• Tooling: Expert-level proficiency with JIRA, ServiceNow, and Okta.
• Technical Background: Prior experience in a DevOps, Security Engineering, or Systems Administration role is a significant plus.

Additional requirements:

• This position requires the ability to access federal environments and/or have access to protected federal data. As a condition of employment for this position, the successful candidate must be able to submit documentation establishing U.S. Person status (e.g. a U.S. Citizen, National, Lawful Permanent Resident, Refugee, or Asylee. 22 CFR 120.15) upon hire.

XML job scraping automation by YubHub