# Staff Product Security Engineer

**Company:** [Okta](https://hotfix.jobs/companies/okta)
**Location:** Bellevue, WA, Chicago, IL, New York, NY, San Francisco, CA, Washington, DC
**Role:** Security Engineering
**Salary:** $141k – $248k/yr
**Experience:** 7+ years
**Skills:** Penetration Testing, Threat Modeling, Secure Code Review, Owasp Top 10, SAML, OAuth, OIDC, Python, Java, Go, C/C++, Llm Security, SAST, DAST, Cryptography
**Posted:** 2026-06-24

> Staff-level product security engineer leading security reviews, threat modeling, penetration testing, and LLM/AI security assessments for Okta's identity platform. Requires deep manual security expertise and strong communication skills.

## Job Description

## What You Will Do
- Conduct security reviews, including design reviews, threat modeling, and penetration testing of new features and major changes.
- Perform manual secure code reviews across multiple programming languages.
- Identify and mitigate security vulnerabilities, providing clear guidance to engineering teams.
- Lead product security incidents, assess risks, and drive remediation efforts.
- Develop security tools and automation to improve vulnerability detection and assessment.
- Mentor junior engineers and provide guidance to non-security staff on secure development practices.
- Represent Okta externally through security research, conference talks, and publications.

## What You Bring
- Expertise in identifying OWASP Top 10 / CWE Top 25 vulnerabilities through manual code review.
- Strong experience in penetration testing and secure development practices.
- Deep technical background in assessing Large Language Models (LLMs) and securing AI-integrated software architectures.
- Proficiency in multiple programming languages (e.g., Java, Go, Python, C/C++).
- Deep understanding of authentication & authorization protocols (OIDC, SAML, OAuth).
- Strong communication skills to explain risks and remediation to developers and leadership.
- Ability to automate security testing using LLMs and scripting (Python, Bash, etc.).
- Experience leading security incidents and risk assessments.

## Desired Skills and Abilities
- Experience in mobile (iOS/Android) and desktop (Windows/macOS) security testing.
- Familiarity with SAST, DAST, SCA, and fuzzing tools.
- Strong cryptographic knowledge and secure implementation practices.
- Experience analyzing network protocols and traffic security.
- Ability to develop proof-of-concept exploits to demonstrate vulnerabilities.

## Similar roles

- [Staff Engineer, Systems Safety (R4823)](https://hotfix.jobs/jobs/afa19cc4-739b-4ad7-8c67-327ecff457c5) - Shield AI - San Diego, CA - $140k – $210k/yr
- [Staff Security Detection Engineer](https://hotfix.jobs/jobs/680b64cc-81ee-419d-86eb-f4178a4e0b54) - Databricks - Remote - $143k – $273k/yr
- [Staff Cloud Security Engineer](https://hotfix.jobs/jobs/aa980ffc-df45-4961-97ec-011928aba41d) - NinjaTrader - Chicago, IL - $145k – $195k/yr
- [Staff Security Engineer](https://hotfix.jobs/jobs/5b580478-4136-48f8-bf55-d821d66f2a52) - Okta - San Francisco, CA - $134k – $185k/yr
- [Staff Security Engineer](https://hotfix.jobs/jobs/0101700c-8fbe-4218-ab4e-13b0bc3c0fc0) - LiveKit - Remote - $150k – $250k/yr

**Apply:** https://hotfix.jobs/jobs/049ea363-7a08-4041-a40c-8ef13a669441
**Canonical:** https://hotfix.jobs/jobs/049ea363-7a08-4041-a40c-8ef13a669441