You will design and ship high-precision detections across cloud services and enterprise SaaS, develop automation that shortens response timelines, and mature the telemetry pipelines that make it all possible. Your ability to write production-quality code is just as important as your ability to triage an alert.

Responsibilities:

• Engineer, test, and deploy detection logic across cloud and enterprise environments, treating detections as software with version control, peer review, and measurable performance.

• Build and maintain incident response automation, runbooks, and tooling that reduce containment timelines without sacrificing developer velocity.

• Mature telemetry pipelines through improved schema design, normalization, enrichment, and quality checks that reduce false positives and increase signal fidelity.

• Perform digital incident investigations to identify and contain potential security breaches.

• Conduct digital forensics and malware analysis to understand attack vectors and adversary methodologies.

• Integrate alerting with messaging and ticketing systems to enable fast, traceable response workflows.

• Partner cross-functionally with IT, security, and engineering teams to harden identity and access patterns, close logging and forensics gaps, and implement maintainable guardrails that scale with the organisation.

• Utilize threat intelligence platforms to improve hunting, detection, and response workflows.

• Clearly explain the significance and impact of incidents, providing actionable recommendations to both technical and non-technical stakeholders.

Ideal Candidate:

• 5+ years of experience in Detection Engineering, Incident Response, or Security Operations, with a strong emphasis on building and shipping security tooling and automation.

• Proficiency in at least one programming language (e.g., Python, Go) and comfort writing production-grade code , not just scripts.

• Hands-on experience designing or improving detection pipelines, SIEM content, and alerting workflows in cloud-native environments.

• Practical experience with SIEM, EDR, and SOAR tools, with a preference for candidates who have built integrations or extended these platforms programmatically.

• Strong understanding of modern cyber threats, common attack techniques, and adversary TTPs.

• Familiarity with digital forensics tools and malware analysis techniques.

• Experience with cloud-native environments (e.g., AWS, GCP, Azure) and the security telemetry those environments generate.

• Exposure to threat intelligence platforms and integrating intel into detection and investigation workflows.

• Strong communication skills, with the ability to translate complex security findings into clear business impact.

• Relevant security certifications (e.g., GCIH, GCFA, GCIA, CISSP, GDSA) are a plus.

Compensation packages at Scale for eligible roles include base salary, equity, and benefits. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position, determined by work location and additional factors, including job-related skills, experience, interview performance, and relevant education or training. Scale employees in eligible roles are also granted equity based compensation, subject to Board of Director approval. Your recruiter can share more about the specific salary range for your preferred location during the hiring process, and confirm whether the hired role will be eligible for equity grant. You’ll also receive benefits including, but not limited to: Comprehensive health, dental and vision coverage, retirement benefits, a learning and development stipend, and generous PTO. Additionally, this role may be eligible for additional benefits such as a commuter stipend.

XML job scraping automation by YubHub

You will report to the Senior Manager in the OFCTO organization.

Key responsibilities include:

• Strategic Customer Engagement: Support strategic customer conversations aligning with technical and engineering leaders and stakeholders. Deliver on emerging trends, industry best practices, and identity-driven digital transformation. Assist in preparing executive-level messaging and participate in strategic discussions to align Okta's solutions with customer business outcomes.

• Technical Leadership: Provide strategic and technical guidance to Solutions Engineering teams across both the Okta and Auth0 identity platforms. Collaborate with the Global Office of Field CTO office team to deliver actionable insights from the field, validate customer needs, and identify recurring trends for the Okta Product & Engineering teams.

• Field Enablement and Collaboration: Contribute to frameworks, tools, and content to support Solutions Engineering teams in executing effectively. Partner with sales leadership to identify and address critical business opportunities and challenges. Drive cross-functional collaboration to ensure seamless execution of global initiatives.

• Market Influence: Represent Okta as a thought leader in the identity and security space. Influence industry standards and participate in relevant technical advisory boards.

• Innovation and Strategy: Partner closely with OFCTO teams as an advocate for customer-driven innovation, market trends, and GTM insights to provide input to influence product teams. Support, derive, and champion strategic initiatives that enhance Okta's differentiation and business impact.

Position Requirements:

• Identity & Directory Services Mastery: Deep Infrastructure Knowledge: Expert-level understanding of Active Directory (AD) and Azure AD (Entra ID) or similar, including Group Policy Objects (GPOs), Kerberos, and OIDC/SAML protocols.

• Multi-IdP Ecosystems: Proficiency in managing and securing diverse Identity Providers (IdPs) like Okta, Ping Identity, and Google Workspace.

• Hybrid Identity: Experience managing the complexities of identity synchronization between on-premises environments and the cloud.

• Device Identity & Access Management Mastery: Passwordless Expertise: Deep, hands-on knowledge of FIDO2/WebAuthn, Passkeys, and implementing passwordless authentication strategies using solutions like Okta FastPass.

• Endpoint & Device Context: Strong understanding of Desktop MFA, device registration, and leveraging device posture signals from MDM/UEM (e.g., Jamf, Intune, Workspace ONE) and EDR (e.g., CrowdStrike) platforms to enforce risk-based access policies.

• PKI & Certificate Management: Familiarity with certificate-based authentication and its role in establishing device trust.

• Identity Threat Detection & Response (ITDR): Threat Landscape Knowledge: A thorough understanding of modern identity attack vectors, including phishing, token theft, MFA bypass techniques, and lateral movement.

• Behavioral Analysis: Experience with User and Entity Behavior Analytics (UEBA) and the ability to interpret threat signals to detect and respond to suspicious activity.

• Security Ecosystem Integration: Proficiency in designing solutions that integrate identity platforms with SIEM (e.g., Splunk, Sentinel) and SOAR tools for automated threat response.

• Strong communication and presentation skills, with experience contributing to technical events.

Travel expectation: up to 40% for customer meetings, industry events, and internal off-sites.

This is a remote position.

XML job scraping automation by YubHub