Job Directory Okta Application Security Engineer (Senior/Staff/Principal)

Application Security Engineer (Senior/Staff/Principal) Okta
San Francisco, CA

Okta (formerly known as SaaSure) is a provider of an independent identity management platform for enterprises.

Companies like Okta
are looking for tech talent like you.

On Hired, employers apply to you with up-front salaries.
Sign up to start matching for free.

About Okta

Job Description

Application Security Engineers are responsible for conducting security reviews on all of Okta's products. This ranges from code reviews, penetration tests, and architectural reviews on new features and existing code, to providing security education and guidance for the entire organization.

This position is not for someone who operates solely on scanner-based vulnerabilities. You will be required to demonstrate a strong technical understanding of web applications, backend services, penetration techniques and methodologies. You should have a clear understand of Okta's authentication protocols, such as SAML and OAuth. Furthermore, you should have the desire to automate tasks by building tools to help discovery vulnerabilities and be comfortable explaining and communicating vulnerabilities to developers, management and leadership by creating thorough documentation of findings.

The most important quality we are looking for is someone who has an "evil bit" - an innate ability to think and operate like an attacker while solving complex problems with expertise and creativity. At Okta we fully support externally publishing exciting new findings and will help you do it in the form of white papers, blog posts, and live presentations at conferences of your choice.

Job Duties and Responsibilities:

* Work closely with Engineering teams on Design Reviews for new features or major changes
* Audit code for security flaws and best practices
* Perform Penetration Tests on new features and on the platform as a whole
* Develop, implement, and communicate vulnerability mitigation strategies to development teams
* Work solo and collaboratively to deliver projects on a deadline
* Think like an attacker and solve complex problems with expertise and ingenuity
* Give security presentations and represent Okta in private or public venues

Required Knowledge, Skills, and Abilities:
* 1-5+ years of experience in security code review (Java, .Net, Go, C, C++, C#, Ruby, Perl, Python, etc.)
* Experience in Web Application Penetration Testing
* Knowledge of AWS and/or Google Cloud Compute from an attacker perspective
* Experience automating vulnerability discovery and repetitive tasks
* Experience in attacking network protocols and analyzing network traffic

Desired skills and Abilities:

* Knowledge in current cryptographic algorithms and techniques
* Experience in research and presenting findings (internally or externally) in the security field
* Experience reverse engineering Linux or Windows binaries


* Bachelor's degree in Computer Science, Computer Engineering or equivalent experience is a plus

Okta is an Equal Opportunity Employer


About Okta

Okta (formerly known as SaaSure) is a provider of an independent identity management platform for enterprises.

2379 employees

100 First Plaza, 100 1st St, San Francisco

Let your dream job find you.

Sign up to start matching with top companies. It’s fast and free.