Principal Classified Systems Architect, Okta Federal

What you’ll be doing

• Act as the central point for defining and evolving the architecture of Okta Federal’s SIPR/JWICS environments, ensuring alignment with DoD reference designs while tailoring them to Okta’s specific product needs.
• Design resilient, scalable infrastructure-as-code (IaC) and blueprints for air-gapped environments, solving unique challenges related to disconnected operations, cross-domain solutions (CDS), and "sneaker-net" patch management.
• Collaborate closely with Product Engineering (ORD), Site Reliability Engineers (SREs), Business Application teams, Collaboration Engineering teams, and Security teams to translate complex compliance controls (DISA STIGs, RMF) into automated technical implementations that minimize friction for developers.
• Guide the selection and integration of "High Side" tools and technologies, prioritizing compliant, maintainable, and low-vulnerability solutions (e.g., utilizing Iron Bank hardened containers) that deliver a superior user experience for internal engineering teams.
• Review and approve architectural changes and major system upgrades across the classified boundary, ensuring that operational drift does not introduce security risks or break compliance postures.
• Measure success through a combination of quantitative metrics (platform uptime, ATO velocity, patch latency, vulnerability resolution time) and qualitative feedback (developer satisfaction, ease of deployment).
• Establish the technical strategy for "High Side" observability and continuous monitoring, designing architectures that satisfy strict auditing requirements without sacrificing operational visibility.

What you’ll bring to the role

• 12+ years of experience in systems architecture, DevSecOps engineering, or a similar role, with at least 5 years focused on DoD Classified environments (IL6/Secret or higher).
• Deep expertise in the DoD software ecosystem, specifically with Platform One/Cloud One, Big Bang, and Iron Bank. You should understand how to deploy, configure, and maintain these platforms in disconnected environments.
• Strong understanding of Kubernetes (EKS/RKE2) and container orchestration in air-gapped setups, including the nuances of managing container registries, Helm charts, and sidecars without internet access.
• Demonstrated hands-on experience architecting solutions that meet strict federal compliance frameworks, specifically DoD CC SRG IL6, NIST 800-53, and FIPS 140-3 cryptography standards.
• Proven experience working with Cross Domain Solutions (CDS) and architecting secure data transfer workflows between Low Side (IL5) and High Side (SIPR/JWICS) networks.
• Experience implementing Zero Trust Architecture (ZTA) principles in legacy or restrictive network environments.
• Excellent collaboration and communication skills, with the ability to summarize and explain complex "High Side" constraints to uncleared Commercial stakeholders and influence decision-making across various business units.