Staff Product Security Engineer

What You Will Do

• Conduct security reviews, including design reviews, threat modeling, and penetration testing of new features and major changes.
• Perform manual secure code reviews across multiple programming languages.
• Identify and mitigate security vulnerabilities, providing clear guidance to engineering teams.
• Lead product security incidents, assess risks, and drive remediation efforts.
• Develop security tools and automation to improve vulnerability detection and assessment.
• Mentor junior engineers and provide guidance to non-security staff on secure development practices.
• Represent Okta externally through security research, conference talks, and publications.

What You Bring

• Expertise in identifying OWASP Top 10 / CWE Top 25 vulnerabilities through manual code review.
• Strong experience in penetration testing and secure development practices.
• Deep technical background in assessing Large Language Models (LLMs) and securing AI-integrated software architectures.
• Proficiency in multiple programming languages (e.g., Java, Go, Python, C/C++).
• Deep understanding of authentication & authorization protocols (OIDC, SAML, OAuth).
• Strong communication skills to explain risks and remediation to developers and leadership.
• Ability to automate security testing using LLMs and scripting (Python, Bash, etc.).
• Experience leading security incidents and risk assessments.

Desired Skills and Abilities

• Experience in mobile (iOS/Android) and desktop (Windows/macOS) security testing.
• Familiarity with SAST, DAST, SCA, and fuzzing tools.
• Strong cryptographic knowledge and secure implementation practices.
• Experience analyzing network protocols and traffic security.
• Ability to develop proof-of-concept exploits to demonstrate vulnerabilities.