Your responsibilities will include developing self-service security frameworks and 'paved roads' that allow engineering teams to ship secure code by default. You will focus on automated guardrails for common vulnerabilities, while prioritising deep-dive design reviews into complex business logic and data isolation issues. You will also partner with product and engineering teams to review designs early, contribute to threat modelling for new features and complex initiatives, and provide clear, actionable security guidance.

You will research emerging threats and evolving best practices, specifically regarding AI and LLM safety, and implement controls to secure these workflows. You will manage and evolve our approach to external penetration testing and bug bounties, driving remediation for findings and treating vulnerability management as an engineering problem.

You will contribute to the long-term roadmaps, metrics, and strategic planning for the security team. As a senior member of the team, you will lead complex threat modelling sessions for major product launches and define secure coding standards, and actively mentor other engineers to raise the technical security bar across the organisation.

We are looking for a highly experienced Product Security Engineer with a strong background in computer science or a related field, and proficiency in writing clean, maintainable code. You should have deep familiarity with JavaScript or TypeScript, Node.js, and modern web application frameworks, and be able to reason about the security implications of systems built on them. You should also have hands-on experience securing LLM integrations and identifying prompt injection or data leakage risks.

You will excel at communicating complex security risks to non-security stakeholders and enjoy collaborating cross-functionally to find solutions that balance security with engineering velocity. You will be comfortable working in a fast-paced environment, navigating ambiguity, continuously learning about emerging threats and technologies, and contributing to long-term security strategy.

XML job scraping automation by YubHub

Identity is the key to unlocking the potential of AI. Okta secures AI by building the trusted, neutral infrastructure that enables organisations to safely embrace this new era. This work requires a relentless drive to solve complex challenges with real-world stakes. We are looking for builders and owners who operate with speed and urgency and execute with excellence.

This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.

Staff Security Engineer

Okta is The World’s Identity Company. We free everyone to safely use any technology, anywhere, on any device or app. Our flexible and neutral products, Okta Platform and Auth0 Platform, provide secure access, authentication, and automation, placing identity at the core of business security and growth.

At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences.

Join our team! We’re building a world where Identity belongs to you.

Responsibilities

The Staff Security Engineer is a key role for strengthening the organisation's security posture. You'll be responsible for performing security assessments of third-party integrations and connected apps, with a focus on mitigating API-related security risks. This position is vital for ensuring a 'secure-by-design' approach for critical systems within the organisation.

What You Will Do

• Lead Technical Security Reviews: Perform in-depth security reviews and threat modelling for complex enterprise applications and third-party integrations.

• Operationalize AI for Security: Take the lead in deploying and managing AI for Security use cases, such as integration security reviews, to automate and scale security operations.

• Risk Analysis & Documentation: Analyse and document API permissions and risk levels for major integrations (e.g., Salesforce, Slack, Google) to ensure they meet internal standards.

• Develop Workflow Processes: Collaborate with stakeholders to design and implement repeatable security review workflows, such as the Salesforce API Integration Review.

• Vulnerability & Control Gap Mitigation: Identify potential vulnerabilities and security control gaps in connected apps and recommend technical mitigation strategies to stakeholders.

• Report & Visualize Posture: Contribute to and maintain metrics and dashboards that demonstrate the organisation's overall security posture for leadership.

What You Bring

• Deep Technical Expertise: Proven experience in information security, specifically within application and enterprise security domains.

• API & Integration Specialist: Strong background in assessing and mitigating risks associated with third-party APIs and connected application ecosystems.

• Advanced Security Principles: Understanding of 'secure-by-design' principles and the 'least privilege' model.

• Practical Threat Modelling: Hands-on experience identifying attack vectors and conducting risk assessments for complex systems.

• Tooling & AI Proficiency: Experience working with security platforms for analysing application permissions and an interest or background in applying AI to streamline security tasks.

• Collaborative Influencer: Exceptional communication skills with a track record of aligning multiple teams toward shared security goals.

• Education: A Bachelor's degree in Computer Science, information security, or a related field.

Benefits

In addition to the annual base salary range for this position, Okta offers equity (where applicable), bonus, and benefits, including health, dental, and vision insurance, RRSP with a match, healthcare spending, telemedicine, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.

XML job scraping automation by YubHub

Key responsibilities include:

• Conducting end-to-end assessments of our core banking platform
• Performing code reviews to identify logic flaws and security anti-patterns
• Participating in threat modelling sessions with different teams
• Contextualising technical vulnerabilities into 'Real-World Risk' scenarios
• Collaborating with Infrastructure teams to audit and secure cloud configurations
• Acting as an independent operator within the team, managing your own testing scope and timelines across different business domains
• Providing clear, actionable remediation advice that balances security requirements with engineering velocity

Requirements include:

• 5+ years experience in penetration testing with a focus on cloud native infrastructure, web applications, APIs
• Expert-level proficiency with industry-standard tools and the ability to 'go manual' when scanners fail
• Experience with Cloud Security, specifically AWS/EKS
• Ability to conduct code reviews in multiple languages, primarily Java and Go
• Proven experience in threat modelling
• SDLC knowledge
• Scripting skills

Soft skills include:

• Exceptional written and spoken communication skills
• Self-starting nature
• Ability to work independently while remaining a collaborative partner to the wider engineering team
• Adaptability

Benefits include:

• 25 days holiday (plus take your public holiday allowance whenever works best for you)
• An extra day's holiday for your birthday
• Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
• 16 hours paid volunteering time a year
• Salary sacrifice, company enhanced pension scheme
• Life insurance at 4x your salary & group income protection
• Private Medical Insurance with VitalityHealth including mental health support and cancer care

About Us

You may be put off applying for a role because you don't tick every box. Forget that! While we can't accommodate every flexible working request, we're always open to discussion.

XML job scraping automation by YubHub

We are looking for a cybersecurity expert to lead our efforts to prevent AI misuse in the cyber domain. As a Cyber Harms Technical Policy Manager, you will lead a team applying deep technical expertise to inform the design of safety systems that detect harmful cyber behaviours and prevent misuse by sophisticated threat actors.

In this role, you will:

• Lead and grow a team of technical specialists focused on cyber threat modelling and evaluation frameworks
• Design and oversee execution of capability evaluations ('evals') to assess the cyber-relevant capabilities of new models
• Create comprehensive cyber threat models, including attack vectors, exploit chains, precursor identification, and weaponization techniques
• Develop and iterate on usage policies that govern responsible use of our models for emerging capabilities and use cases related to cyber harms
• Serve as the primary domain expert on cyber harms, advising cross-functional teams on threat landscapes and mitigation strategies
• Collaborate closely with internal and external threat modelling experts to develop training data for safety systems, and with ML engineers to train these systems, optimising for both robustness against adversarial attacks and low false-positive rates for legitimate security researchers
• Analyse safety system performance in traffic, identifying gaps and proposing improvements
• Conduct regular reviews of existing policies and enforcement systems to identify and address gaps and ambiguities related to cybersecurity risks
• Develop rigorous stress-testing of safeguards against evolving cyber threats and product surfaces
• Partner with Research, Product, Policy, Security Team, and Frontier Red Team to ensure cybersecurity safety is embedded throughout the model development lifecycle
• Translate cybersecurity domain knowledge into actionable safety requirements and clearly articulated policies
• Contribute to external communications, including model cards, blog posts, and policy documents related to cybersecurity safety
• Monitor emerging technologies and threat landscapes for their potential to contribute to new risks and mitigation strategies, and strategically address these
• Mentor and develop team members, fostering a culture of technical excellence and responsible AI development

You may be a good fit if you have:

• An M.S. or PhD in Computer Science, Cybersecurity, or a related technical field, OR equivalent professional experience in offensive or defensive cybersecurity
• 5+ years of hands-on experience in cybersecurity, with deep expertise in areas such as vulnerability research, exploit development, network security, malware analysis, or penetration testing
• 2+ years of experience managing technical teams or leading complex technical projects with multiple stakeholders
• Experience in scientific computing and data analysis, with proficiency in programming (Python preferred)
• Deep expertise in modern cybersecurity, including both offensive techniques (vulnerability research, exploit development, penetration testing, malware analysis) and defensive measures (detection, monitoring, incident response)
• Demonstrated ability to create threat models and translate technical cyber risks into policy frameworks
• Familiarity with responsible disclosure practices, vulnerability coordination, and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, CWE/CVE systems)
• Strong analytical and writing skills, with the ability to navigate ambiguity and explain complex technical concepts to non-technical stakeholders
• Experience developing policies or guidelines at scale, balancing safety concerns with enabling legitimate use cases
• A passion for learning new skills and an ability to rapidly adapt to changing techniques and technologies
• Comfort working in a fast-paced environment where priorities may shift as AI capabilities evolve
• Track record of translating specialised technical knowledge into actionable safety policies or enforcement guidelines

Preferred Qualifications:

• Background in AI/ML systems, particularly experience with large language models
• Experience developing ML-based security systems or adversarial ML research
• Experience working with defence, intelligence, or security organisations (e.g., NSA, CISA, national labs, security contractors)
• Published security research, disclosed vulnerabilities, or participated in bug bounty programs
• Understanding of Trust & Safety operations and content moderation at scale
• Certifications such as OSCP, OSCE, GXPN, or equivalent demonstrating technical depth
• Understanding of dual-use security research concerns and ethical considerations in AI safety

XML job scraping automation by YubHub