We are looking for a Staff Software Engineer, Security to join our Security Engineering group. As a Staff Software Engineer, Security, you will act as a liaison between the Security org and the engineering org to build technical leverage and influence the security roadmap and direction.

Responsibilities ---------------

• Act as a liaison between the engineering and security org to develop innovative requirements for the security roadmap.
• Evangelize security best practices across the engineering org.
• Research, design, implement and own security oriented frameworks and features with the common goal of protecting Okta’s customers.
• Routinely participate in cross-vertical code reviews with emphasis on Security.
• Break down complex problems into sub-tasks while prototyping rapidly and iteratively contributing to security initiatives using agile practices.
• Coach and mentor junior engineers in the team.

Preferred Qualification and Abilities -----------------------------------

• 7+ years of development experience in designing and implementing software systems in Java, building highly reliable and mission-critical software.
• 3+ years of work experience in designing and implementing security solutions for applications and distributed systems.
• Work experience and excellent understanding in mitigating OWASP Top 10 attacks on applications, Application Security, Cryptography, Authentication, Authorization using Role-Based and Attribute-Based access controls.
• Strong understanding of concepts such as Test-Driven development, Secure SDLC, Secure code reviews and the ability to identify and mitigate threat vectors and vulnerabilities in code and infrastructure.
• Good understanding and experience in using cloud service providers such as AWS and GCP.
• Developing and maintaining technical documentation such as cookbooks, design and architecture docs.
• Troubleshooting and fixing production issues to ensure reliability, security and performance.
• Work experience in using RDBMS like MySQL, good grasp of concepts such as replication and clustering along with familiarity in data stores such as Redis and Elasticsearch.
• Excellent grasp of software engineering principles coupled with strong written and verbal communication skills.
• B.S or M.S in Computer Science or related fields.

The Okta Experience ------------------ Supporting Your Well-Being Driving Social Impact Developing Talent and Fostering Connection + Community

XML job scraping automation by YubHub

Your day-to-day will involve leading security architecture/design review and threat modeling sessions with product and engineering teams, translating threats into actionable, risk-rated engineering remediations prioritized by severity, conducting hands-on penetration testing and security assessments across our full product stack, and driving PSIRT operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers, and on-call incidents.

You will also shape the posture of our AI-assisted development environment, defining and enforcing enterprise policies for Claude and Cursor, and partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers, and collaborating with the AI team on securing ML pipelines.

As a champion of security culture, you will run developer training on secure coding with AI assistants, evangelize security by design for products, and ensure every engineer understands that product security is an enabler and not a gate.

You will bring 10+ years of product security experience spanning application security, cloud security, and secure SDLC, expert-level threat modeling using STRIDE, PASTA, or equivalent across web, mobile, cloud, embedded, and AI systems, hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware, and deep hands-down AI security expertise and expert-level understanding of OWASP Top 10 for LLM, API, Web, Mobile, and practical experience with MITRE.

You will have strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor, and understand MCP security risks and know how to architect enterprise guardrails that enable safe AI-assisted development.

You will also have strong programming ability and capability to review code, build security tools, automate workflows, and be credible with the engineering teams you partner with.

Preferred experience includes hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience, and experience in the Financial industry, knowledge of PCI DSS, COPPA, or demonstrated ability to learn regulated domains quickly.

Work perks at Greenlight include medical, dental, vision, and HSA match, paid life insurance, AD&D, and disability benefits, traditional 401k with company match, unlimited PTO, paid company holidays and pop-up bonus holidays, professional development stipends, mental health resources, 1:1 financial planners, fertility healthcare, 100% paid parental and caregiving leave, plus cleaning service and meals during your leave, flexible WFH, both remote and in-office opportunities, fully stocked kitchen, catered lunches, and occasional in-office happy hours, and employee resource groups.

XML job scraping automation by YubHub