Staff-level product security engineer leading security reviews, threat modeling, penetration testing, and LLM/AI security assessments for Okta's identity platform. Requires deep manual security expertise and strong communication skills.
141k – 248k
Hybrid7+ YOESecurity Engineering
About the role
What You Will Do
Conduct security reviews, including design reviews, threat modeling, and penetration testing of new features and major changes.
Perform manual secure code reviews across multiple programming languages.
Identify and mitigate security vulnerabilities, providing clear guidance to engineering teams.
Lead product security incidents, assess risks, and drive remediation efforts.
Develop security tools and automation to improve vulnerability detection and assessment.
Mentor junior engineers and provide guidance to non-security staff on secure development practices.
Represent Okta externally through security research, conference talks, and publications.
What You Bring
Expertise in identifying OWASP Top 10 / CWE Top 25 vulnerabilities through manual code review.
Strong experience in penetration testing and secure development practices.
Deep technical background in assessing Large Language Models (LLMs) and securing AI-integrated software architectures.
Proficiency in multiple programming languages (e.g., Java, Go, Python, C/C++).
Deep understanding of authentication & authorization protocols (OIDC, SAML, OAuth).
Strong communication skills to explain risks and remediation to developers and leadership.
Ability to automate security testing using LLMs and scripting (Python, Bash, etc.).
Experience leading security incidents and risk assessments.
Desired Skills and Abilities
Experience in mobile (iOS/Android) and desktop (Windows/macOS) security testing.
Familiarity with SAST, DAST, SCA, and fuzzing tools.
Strong cryptographic knowledge and secure implementation practices.
Experience analyzing network protocols and traffic security.
Ability to develop proof-of-concept exploits to demonstrate vulnerabilities.
Skills
Penetration TestingThreat ModelingSecure Code ReviewOwasp Top 10SAMLOAuthOIDCPythonJavaGoC/C++Llm SecuritySASTDASTCryptography
Leads safety requirements derivation, hazard analysis, and verification for safety-critical airborne software systems, ensuring compliance with DO-178C and related standards. Collaborates across engineering teams to integrate safety into architecture, code, and testing for airworthiness certification.
140k – 210k
On-site5+ YOESecurity Engineering
Staff Security Detection Engineer
DatabricksUnited States
Designs and implements scalable ML-driven intrusion detection solutions, optimizes log pipelines, and enhances threat detection on Databricks platform. Requires 10+ years experience in security detection engineering and expertise in cloud security, Python, and Spark.
143k – 273k
Remote10+ YOESecurity Engineering
Staff Cloud Security Engineer
NinjaTraderChicago, IL
Senior individual contributor owning cloud security architecture and guardrails for GCP workloads at a fintech trading platform. Leads threat modeling, edge defenses with Cloudflare/Armor, policy-as-code, incident response, and compliance controls while mentoring engineers.
145k – 195k
Hybrid8+ YOESecurity Engineering
Staff Security Engineer
OktaSan Francisco, CA
Staff Security Engineer embedded in TDI to build centralized security posture analytics, automate issue tracking and remediation, and drive AI-powered risk management across AWS, SaaS apps, and enterprise systems.
134k – 185k
On-site10+ YOESecurity Engineering
Staff Security Engineer
LiveKitUnited States
Staff Security Engineer owns security across applications, infrastructure, and workflows at LiveKit. Requires 6+ years software engineering experience, hands-on security expertise in cloud/container environments, threat modeling, and incident response.