# Staff Security Engineer
**Company:** [Okta](https://hotfix.jobs/companies/okta)
**Location:** San Francisco, CA
**Salary:** $134K-$185K
**Experience:** 10+ years
**Skills:** Snyk, Semgrep, Qualys, AWS, DevSecOps, CSPM, CI/CD, ISPM, SSPM, Cyera
**Posted:** 2026-06-25
> Staff Security Engineer embedded in TDI to build centralized security posture analytics, automate issue tracking and remediation, and drive AI-powered risk management across AWS, SaaS apps, and enterprise systems.
## Job Description
## Security Posture Management
- Up-level Security Posture Management program to handle issues identified by security tooling across the ecosystem.
- Leverage dashboards and visualization tools to showcase vulnerability and issue management progress and status.
- Manage Security Posture Management program, including integrating data ingestion pipelines, coding logic to prioritize vulnerability fixes, supporting teams remediating issues from tools (ISPM, DSPM, Qualys, etc.), and developing automated systems at scale.
- Configure and operationalize tools such as Snyk, Semgrep, and Qualys to expand scanning coverage for all TDI assets.
- Collaborate with teams to troubleshoot and remediate findings; provide technical mentorship to developers and admins.
- Develop and maintain metrics, reporting, and executive visibility based on findings from ISPM/SSPM, Snyk, Semgrep, Qualys, Cyera, and other security platforms to drive ownership, accountability, prioritization, and measurable risk reduction.
- Partner with Security and GRC to communicate risk posture and remediation status.

## Secure Development & DevSecOps Enablement
- Partner with product and engineering teams to advise on secure coding, build pipelines, and deployment best practices.
- Support and enforce ProdSec SDL adoption across business units, standardizing design reviews and requirements gathering.
- Implement secrets rotation automation and best practices for secrets management across TDI systems.
- Lead “shift left” security efforts to build security into the SDLC.

## Baseline Image & Environment Security
- Collaborate with SRE to manage update pipelines and enforce compliance with baseline standards.
- Conduct light Security Architecture Reviews (SARs) for lower environments to confirm proper controls and data handling.

## Automation, AI Development & Continuous Improvement
- Develop agentic automation to scale security posture scanning, reporting, issue remediation, and patch validation.
- Architect E2E automation flows and system design for an AI agent and its subagents (e.g., remediation agent, security posture management triage agent).
- Identify and close gaps across CSPM, CI/CD pipeline security, and endpoint hardening.
- Provide technical guidance for integrating security into business and productivity platforms (Salesforce, ERP, Google Workspace, Slack, Zoom).

## Requirements
- 10+ years of experience in Security Engineering, DevSecOps, Infrastructure Security, or SaaS apps within a SaaS or enterprise environment.
- Hands-on technical expertise in scanning, patching, and remediation of issues across cloud and SaaS ecosystems.
- Experience deploying and managing Snyk, Semgrep, and Qualys tools.
- Strong knowledge of AWS security practices, SRE principles, and securing business technology stacks (Salesforce, ERP, Google, Slack, Zoom).
- Proven ability to coach, mentor, and collaborate with development teams to improve remediation velocity.
- Practical understanding of secure SDLC/PDLC, supply chain security, and secrets management.
- Experience building security tools/applications and automated tools.
- Proficient with visualization/BI tools to create dashboards and provide reporting to leadership and stakeholders.
- Experience driving remediation across issues raised by posture management solutions.
- Excellent troubleshooting and communication skills with a proactive, solution-oriented mindset.
**Apply:** https://hotfix.jobs/jobs/staff-security-engineer-at-okta-5b580478-4136-48f8-bf55-d821d66f2a52