The Security Reviews team is responsible for conducting security reviews on all of Okta’s products and handling externally reported vulnerabilities. This work includes code reviews, penetration tests, and architectural reviews of new features and existing code, in order to provide security guidance to the entire organization. We work alongside the DevSecOps and Education teams to provide a consistent methodology for working with the engineering teams across Okta.
We are looking for an experienced Manager, or a Team Leader who wants to grow into a Manager position, who will work closely with Application Security Engineers within Security Reviews and also interact with other security departments, such as Privacy and Security Compliance.
Job Duties and Responsibilities:
- Work closely with Engineering teams to understand their current needs and identify new potential improvements
- Manage programs and projects, in collaboration with engineering and product teams, that focus on improvements to process, metrics, and framework around application security
- Monitor key performance indicator (KPI) metrics; track and report on program performance; provide reporting to senior management on a regular cadence
- Communicate vulnerability mitigation strategies to development teams
- Mentor and develop engineers as they advance in their own careers
- Give security presentations and represent Okta in private or public venues
Required Knowledge, Skills, and Abilities:
- Demonstrated success as a security engineering lead/manager fostering highly functional, healthy, inclusive and collaborative teams
- Experience managing a geographically distributed security engineering team
- Ability to identify common (OWASP Top 10/CWE Top 25) web application vulnerabilities through secure code review (Java, .NET, Go, C, C++, C#, Swift, Kotlin, Python)
- Ability to conduct a manual Web Application Penetration Test using industry-standard tools (e.g., Burp Suite)
- Knowledge of modern web application components, architecture, and design principles
- Ability to explain vulnerability risks and remediation options to developers
- Beginner-level coding ability in at least one scripting language (e.g., Python, Bash)
Desired Skills and Abilities:
- Knowledge of current authentication and authorization protocols (OIDC, SAML)
- Experience in mobile device (Android and/or iOS) application penetration testing
- Knowledge of current cryptographic algorithms and techniques
- Experience writing proof-of-concept scripts to demonstrate vulnerability exploitation
Education: Bachelor's degree in Computer Science, Computer Engineering or equivalent experience is a plus