Browse
Employers / Recruiters

Senior Product Security Engineer, Reviews

okta · 30+ days ago
Negotiable
Full-time
Continue
By pressing the button above, you agree to our Terms and Privacy Policy, and agree to receive email job alerts. You can unsubscribe anytime.

Get to know Okta

Okta is The World’s Identity Company. We free everyone to safely use any technology—anywhere, on any device or app. Our Workforce and Customer Identity Clouds enable secure yet flexible access, authentication, and automation that transforms how people move through the digital world, putting Identity at the heart of business security and growth. 

At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences. 

Join our team! We’re building a world where Identity belongs to you.

Senior Product Security Engineer, Reviews 

Product Security Engineers are responsible for conducting security reviews on all of Okta’s products, providing security education to our engineers, and handling externally reported vulnerabilities. This ranges from code reviews, penetration tests, and architectural reviews on new features and existing code, in order to provide security education and guidance to the entire organization.

This position is not for someone who operates solely on scanner-based vulnerabilities.  You will be required to demonstrate a strong technical understanding of web applications, backend services, penetration testing techniques and methodologies.  You should have a clear understanding of Okta's authentication protocols, such as SAML and OAuth.  Furthermore, you should have the desire to automate tasks by building tools to help discover vulnerabilities and be comfortable explaining and communicating vulnerabilities to developers, management and leadership by creating thorough documentation of findings.

The most important quality we are looking for is someone who has an “evil bit” - an innate ability to think and operate like an attacker while solving complex problems with expertise and creativity. At Okta we fully support externally publishing exciting new findings and will help you do it in the form of white papers, blog posts, and live presentations at conferences of your choice.

Job Duties and Responsibilities:

  • Work closely with Engineering teams on Design Reviews and Threat Models for new features or major changes
  • Audit code for security flaws and adherence to best practices
  • Perform penetration tests on new features and platforms as a whole
  • Develop, implement, and communicate vulnerability mitigation strategies to development teams
  • Work both solo and collaboratively to deliver projects on a deadline
  • Think like an attacker and solve complex problems with expertise and ingenuity
  • Give security presentations and represent Okta in private or public venues

Required Knowledge, Skills, and Abilities:

  • Expertise in identifying common (OWASP Top 10/CWE Top 25) web application vulnerabilities through secure code reviews (Java, .Net, Go, C, C++, C#, Swift, Kotlin, Python)
  • Proficient in conducting manual web application penetration tests using industry-standard tools
  • Extensive knowledge of modern web application components, architecture, and design principles
  • Ability to explain vulnerability risks, impact and remediation options to developers
  • Coding ability in at least one scripting language (ex: Python, Bash)
  • Capable of taking point on product security incidents and providing recommendations to the organization. 
  • Be able to identify risks on large features or new products as well as being able to provide clear mitigations and follow up on remediation efforts
  • Ability to provide guidance and mentorship to junior engineers as well as non-security staff

 Desired Skills and Abilities:

  • Working knowledge of current authentication and authorization protocols (OIDC, SAML)
  • Experience in mobile device (Android and/or iOS) application penetration testing
  • Experience with testing Windows desktop applications
  • Experience with SAST, DAST, SCA, and fuzzing tools
  • Knowledge of current cryptographic algorithms and techniques
  • Experience in attacking network protocols and analyzing network traffic
  • Experience writing proof-of-concept scripts to demonstrate vulnerability exploitation

#LI-JP2 

#LI-Remote

What you can look forward to as an Full-Time Okta employee!

Okta cultivates a dynamic work environment, providing the best tools, technology and benefits to empower our employees to work productively in a setting that best and uniquely suits their needs. Each organization is unique in the degree of flexibility and mobility in which they work so that all employees are enabled to be their most creative and successful versions of themselves, regardless of where they live. Find your place at Okta today! https://www.okta.com/company/careers/.

Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws. If reasonable accommodation is needed to participate in the job application or interview process, please use this Form to request an accommodation.

Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Privacy Policy at https://www.okta.com/privacy-policy/

Last updated on Aug 15, 2024

See more

About the company

More jobs at okta

Analyzing
Developed by Blake and Linh in the US and Vietnam.
We're interested in hearing what you like and don't like! Live chat with our founder or join our Discord
Changelog
🚀 LaunchpadNov 27
Create a site and sell services based on your resume.
🔥 Job search dashboardNov 13
Revamped job search UI with a sortable grid, live filtering, bookmarks, and application tracking.
🫡 Cover letter instructionsSep 27
New Studio settings give you control over AI output.
✨ Cover Letter StudioAug 9
Automatically generate cover letters for any job.
🎯 Suggested filtersAug 6
Copilot suggests additional filters above the results.
⚡️ Quick applicationsAug 2
Apply to jobs using info from your resume. Initial coverage of ~200k jobs in Spain, Germany, Austria, Switzerland, France, and the Netherlands.
🧠 Job AnalysisJul 12
Have Copilot read job descriptions and extract out key info you want to know. Click "Analyze All" to try it out. Click on the Copilot's gear icon to customize the prompt.
© 2024 RemoteAmbitionAffiliate · Privacy · Terms · Sitemap · Status