Senior Software Engineer, Security Engineering

Get to know Okta

Okta is The World’s Identity Company. We free everyone to safely use any technology, anywhere, on any device or app. Our flexible and neutral products, Okta Platform and Auth0 Platform, provide secure access, authentication, and automation, placing identity at the core of business security and growth.

At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences.

Join our team! We’re building a world where Identity belongs to you.

We are looking for a highly motivated Senior Software Engineer, Security Engineering to join our security team. This role will primarily focus on remediating security vulnerabilities, with a specific emphasis on remediating dependency vulnerabilities from various sources supported by in-house automations. The ideal candidate will ensure issues are accurately identified, prioritized, and communicated for remediation, and will also contribute to building and maintaining a centralized CI pipeline that ensures the quality of the fixes. You will play a key role in maintaining our security posture.

Responsibilities:

• Build security automations for internal use that enables Security Engineering to operate at high speed and wide scale.

• Triaging vulnerabilities identified from different sources such as application security reviews, Pentest, SAST, DAST, and SCA, with a strong focus on validating and remediating open-source dependency vulnerabilities.

• Execute the end-to-end dependency remediation process, including:

• Analyzing and validating findings from SCA tools like Snyk

• Creating and managing Pull Requests (PRs) for dependency upgrades/patches.

• Testing and verifying that the upgraded dependencies resolve the vulnerability without introducing regressions.

• Automate the process described above as much as possible.

• Drive the prioritization and remediation plan for vulnerabilities in partnership with engineering teams.

• Contribute to the design and implementation of centralized CI pipelines to embed security throughout the development lifecycle.

• Provide support in grooming vulnerability backlog and vulnerability metrics reporting.

Our Ideal Candidate Will Have:

• Good understanding of Web application security, identification, and remediation of code and design flaws.

• Experience in Building security tooling and automation scripts. Must be very hands on.

• Good development experience in at least one of the following: Go and/or Python.

• Strong practical experience in remediating third-party and open-source dependency vulnerabilities.

• Proficiency with Software Composition Analysis (SCA) tools like Snyk and socket.dev.

• Solid experience with Git, GitHub, and the Git CLI for source code management, branching, merging, and PR workflows.

• Experience in building or maintaining centralized CI/CD pipelines (e.g., using GitHub Actions, Jenkins, GitLab CI, etc.).

• Good understanding of OWASP Top 10 vulnerabilities.

• Good Experience in enterprise vulnerability management.

• Experience in source code review.

• Experience with security tools (SCA, SAST, DAST, Burp Proxy, ZAP Proxy etc.)

• Ability to explain complex security issues and their impact to diverse audiences.

• Familiarity with cloud platforms (AWS, Azure) and their security features.

• Experience with Agile software development practices. Knowledge of Scrum and Kanban is beneficial. Understanding of Agile estimation and iterative processes.

Also Nice to Have:

• Hands-on experience with Kubernetes and container security principles.

• Experience specifically securing workloads within the AWS ecosystem.

• Experience with OWASP Top 10 security vulnerabilities.

• Any cloud infrastructure automation skills (Terraform).

• Experience with Agile software development practices. Knowledge of Scrum and Kanban is beneficial. Understanding of Agile estimation and iterative processes

Hybrid #LI-Hybrid

P24006_3294050

What you can look forward to as a Full-Time Okta employee!

• Amazing Benefits

• Making Social Impact

• Developing Talent and Fostering Connection + Community at Okta

Okta cultivates a dynamic work environment, providing the best tools, technology and benefits to empower our employees to work productively in a setting that best and uniquely suits their needs. Each organization is unique in the degree of flexibility and mobility in which they work so that all employees are enabled to be their most creative and successful versions of themselves, regardless of where they live. Find your place at Okta today! https://www.okta.com/company/careers/.

Some roles may require travel to one of our office locations for in-person onboarding.

Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws.

If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding please use this Form to request an accommodation.

Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Personnel and Job Candidate Privacy Notice at https://www.okta.com/legal/personnel-policy/.