Staff Product Security Engineer, Reviews

Secure Every Identity, from AI to Human

Identity is the key to unlocking the potential of AI. Okta secures AI by building the trusted, neutral infrastructure that enables organizations to safely embrace this new era. This work requires a relentless drive to solve complex challenges with real-world stakes. We are looking for builders and owners who operate with speed and urgency and execute with excellence.

This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.

The Staff Product Security Engineer Opportunity

As a Staff Product Security Engineer, you will play a critical role in safeguarding Okta’s products by conducting comprehensive security reviews, guiding engineering teams in secure development practices, and handling externally reported vulnerabilities. You will engage in code reviews, penetration testing, and architectural security assessments to ensure the security of Okta’s platforms and features.

This role is not suited for individuals who rely solely on automated vulnerability scanning. Instead, you must possess a deep technical understanding of web applications, backend services, penetration testing methodologies, and secure design principles.

A successful candidate will have expertise in authentication protocols (SAML, OAuth, OIDC), threat modeling, and a strong desire to automate security processes by building tools that proactively identify vulnerabilities. You will also be responsible for communicating risks, impact, and remediation strategies to developers, leadership, and external audiences through documentation, presentations, and external publications. The ideal candidate will also demonstrate a deep technical background in assessing AI-integrated software architectures and securing Large Language Models (LLMs) against emerging threats and modern vulnerability classes.

The ideal candidate will have an attacker mindset—the ability to think critically, creatively, and like an adversary when solving security challenges. We actively support public disclosure of research and findings through white papers, blog posts, and conference presentations.

What You Will Do

• Conduct security reviews, including design reviews, threat modeling, and penetration testing of new features and major changes.
• Perform manual secure code reviews across multiple programming languages.
• Identify and mitigate security vulnerabilities, providing clear guidance to engineering teams.
• Lead product security incidents, assess risks, and drive remediation efforts.
• Develop security tools and automation to improve vulnerability detection and assessment.
• Mentor junior engineers and provide guidance to non-security staff on secure development practices.
• Represent Okta externally through security research, conference talks, and publications.

What You Bring

• Expertise in identifying OWASP Top 10 / CWE Top 25 vulnerabilities through manual code review.
• Strong experience in penetration testing and secure development practices.
• Deep technical background in assessing Large Language Models (LLMs) and securing AI-integrated software architectures.
• Proficiency in multiple programming languages (e.g., Java, Go, Python, C/C++).
• Deep understanding of authentication & authorization protocols (OIDC, SAML, OAuth).
• Strong communication skills to explain risks and remediation to developers and leadership.
• Ability to automate security testing using LLMs and scripting (Python, Bash, etc.).
• Experience leading security incidents and risk assessments.

Desired Skills and Abilities

• Experience in mobile (iOS/Android) and desktop (Windows/macOS) security testing.
• Familiarity with SAST, DAST, SCA, and fuzzing tools.
• Strong cryptographic knowledge and secure implementation practices.
• Experience analyzing network protocols and traffic security.
• Ability to develop proof-of-concept exploits to demonstrate vulnerabilities.

 

#LI-SM1

#LI-Hybrid

P25262_3462000

Below is the annual salary range for candidates located in Canada. Your actual salary will depend on factors such as your skills, qualifications, and experience. In addition, Okta offers equity (where applicable), bonus, and benefits, including health, dental, and vision insurance, RRSP with a match, healthcare spending, telemedicine, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies. To learn more about our Total Rewards program, please visit:  .

The annual base salary range for this position for candidates located in Canada is between:

$141,000—$193,600 CAD

The Okta Experience

We are intentional about connection. Our global community, spanning over 20 offices worldwide, is united by a drive to innovate. Your journey begins with an immersive, in-person onboarding experience designed to accelerate your impact and connect you to our mission and team from day one.

Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws.

If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding please  use this Form to request an accommodation.

Notice for New York City Applicants & Employees: Okta may use Automated Employment Decision Tools (AEDT), as defined by New York City Local Law 144, that use artificial intelligence, machine learning, or other automated processes to assist in our recruitment and hiring process. In accordance with NYC Local Law 144, if you are an applicant or employee residing in New York City, please  click here to view our full NYC AEDT Notice.

Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Personnel and Job Candidate Privacy Notice at  .