Skip to content
OktaOktaSan Francisco, CA

Staff Product Security Engineer

Staff Product Security Engineer focused on offensive research and security assessments of agentic AI systems, LLM-integrated platforms, and building reusable security tooling. Requires 7+ years in application/offensive/AI security and demonstrated experience finding vulnerabilities in agentic architectures.

180k – 248k/yr
Hybrid7+ YOESecurity Engineering

About the role

What You Will Do

  • Conduct offensive security research focused on agentic AI systems: prompt injection, agent privilege escalation, tool-binding abuse, and agentic supply chain attacks against internal developer platforms.
  • Perform security assessments of Okta's AI platforms—including agentic systems and LLM-integrated products—across design, code, and runtime.
  • Build reusable security tooling that multiplies the entire Product Security team's capability.
  • Run the AI security vendor and tooling evaluation program: design and operate a benchmarking harness against AI security tools.
  • Perform manual code review of AI and agent-based system implementations across multiple languages.
  • Develop threat models for agentic architectures, orchestration layers, and LLM-integrated services.
  • Translate research findings into actionable guidance for engineering teams building AI-powered features and platforms.
  • Represent Okta externally through security research, conference presentations, white papers, and publications.
  • Mentor engineers across Product Security on AI/agentic security concepts, tooling, and assessment methodology.

What You Bring

  • 7+ years of experience in information security, with meaningful depth in application security, offensive research, or AI/ML security.
  • Demonstrated hands-on experience assessing LLM-integrated systems and agentic AI architectures—not just familiarity with the concepts, but evidence of having found real vulnerabilities in them.
  • Strong offensive mindset: the ability to model what an adversary does with an agentic system, identify where the model's reasoning or the orchestration layer breaks down, and construct scenarios that make the risk concrete.
  • Experience building security tooling and automation—scripts, scanners, detection logic, or evaluation harnesses—that other engineers actually use.
  • Proficiency in at least two programming languages (Python and one of: Go, Java, TypeScript, C/C++).
  • Advanced experience in threat modeling, manual code review, and penetration testing, applied to complex distributed systems.
  • Knowledge of authentication and authorization protocols (OIDC, OAuth 2.0, SAML) and their implementation risks.
  • Strong communication skills: the ability to write clearly for technical and non-technical audiences, document research findings with precision, and present at external venues.
  • Experience producing external security research—publications, conference talks, blog posts, or open-source tooling.

Desired Skills and Abilities

  • Familiarity with agentic framework internals (tool-use protocols, MCP, function-calling patterns, agent orchestration architectures).
  • Experience with SAST, DAST, SCA, and fuzzing tooling applied to AI/ML pipelines or CI/CD systems.
  • Strong cryptographic knowledge and experience in identifying cryptographic implementation flaws.
  • Ability to develop proof-of-concept exploits that demonstrate AI/agentic vulnerabilities to engineering and product leadership.
  • Experience contributing to security standards, SDL processes, or vulnerability research programs.

Skills

PythonGoJavaTypeScriptCC++Threat ModelingPenetration TestingManual Code ReviewSASTDASTScaFuzzingOIDCOauth 2.0
Vapi

Member of Technical Staff, DevSecOps

VapiSan Francisco, CA

Hands-on DevSecOps lead building and hardening security posture for a voice AI platform serving Fortune 500 customers. Focus on shift-left security, compliance automation, and multi-tenant infrastructure.

180k – 280k/yr
Hybrid5+ YOESecurity Engineering
xAI

Member of Technical Staff - Imagine Safety

xAIPalo Alto, CA

As a Product Safety Engineer on the Imagine team, you will build critical safety systems and infrastructure for Grok’s multimodal generation capabilities, ensuring responsible deployment. You will design and scale safeguards, detection systems, and evaluation frameworks to prevent harm while preserving creativity and user freedom.

180k – 440k/yr
On-siteSecurity Engineering
Order.co

Staff Security Engineer

Order.coUnited States

Staff-level security engineer owning cross-team security architecture, leading complex initiatives, and mentoring senior engineers. Requires deep expertise in Ruby on Rails, AWS, cloud security, compliance frameworks, and production systems at scale.

180k – 220k/yr
Remote8+ YOESecurity Engineering
xAI

Member of Technical Staff, X Platform Security

xAIPalo Alto, CA

Build AI-driven security tools using Grok to protect Kubernetes infrastructure and X platform applications. Requires 3+ years experience, expertise in Python/Rust/Go, and knowledge of container security and vulnerability scanning.

180k – 340k/yr
On-siteSecurity Engineering
Databricks

Staff Software Engineer - IAM

DatabricksBellevue, WA

Leads development of secure IAM systems for Databricks' data and AI platform, plugging security gaps and building highly available distributed systems. Requires 7+ years in data security, 10+ years in distributed systems, MS/PhD, and expertise in IAM, Kubernetes, cryptography.

181k – 261k/yr
On-site7+ YOESecurity Engineering