Requirements This role is not suited for individuals who rely solely on automated vulnerability scanning. Instead, you must possess a deep technical understanding of web applications, backend services, penetration testing methodologies, and secure design principles
A successful candidate will have expertise in authentication protocols (SAML, OAuth, OIDC), threat modeling, and a strong desire to automate security processes by building tools that proactively identify vulnerabilities
The ideal candidate will also demonstrate a deep technical background in assessing AI-integrated software architectures and securing Large Language Models (LLMs) against emerging threats and modern vulnerability classes
The ideal candidate will have an attacker mindset—the ability to think critically, creatively, and like an adversary when solving security challenges
Expertise in identifying OWASP Top 10 / CWE Top 25 vulnerabilities through manual code review
Strong experience in penetration testing and secure development practices
Deep technical background in assessing Large Language Models (LLMs) and securing AI-integrated software architectures
Proficiency in multiple programming languages (e.g., Java, Go, Python, C/C++)
Deep understanding of authentication & authorization protocols (OIDC, SAML, OAuth)
Strong communication skills to explain risks and remediation to developers and leadership
Ability to automate security testing using LLMs and scripting (Python, Bash, etc.)
Experience leading security incidents and risk assessments
(Desirable) Experience in mobile (iOS/Android) and desktop (Windows/macOS) security testing
(Desirable) Familiarity with SAST, DAST, SCA, and fuzzing tools
(Desirable) Strong cryptographic knowledge and secure implementation practices
(Desirable) Experience analyzing network protocols and traffic security
(Desirable) Ability to develop proof-of-concept exploits to demonstrate vulnerabilities
What the job involves As a Staff Product Security Engineer, you will play a critical role in safeguarding Okta's products by conducting comprehensive security reviews, guiding engineering teams in secure development practices, and handling externally reported vulnerabilities
You will engage in code reviews, penetration testing, and architectural security assessments to ensure the security of Okta's platforms and features
You will also be responsible for communicating risks, impact, and remediation strategies to developers, leadership, and external audiences through documentation, presentations, and external publications
Conduct security reviews, including design reviews, threat modeling, and penetration testing of new features and major changes
Perform manual secure code reviews across multiple programming languages
Identify and mitigate security vulnerabilities, providing clear guidance to engineering teams
Lead product security incidents, assess risks, and drive remediation efforts
Develop security tools and automation to improve vulnerability detection and assessment
Mentor junior engineers and provide guidance to non-security staff on secure development practices
Represent Okta externally through security research, conference talks, and publications
#J-18808-Ljbffr