Offensive Security Engineers are responsible for attacking the Okta platform, code, vendors, and cloud infrastructure, along with building automation to solve complex problems and participating in red team adversarial engagements.
This position is not one where someone who only operates on scanner-based vulnerabilities will be successful. The ideal candidate will be required to demonstrate strong technical knowledge in AWS, webapp, appsec, and backend testing methodology & techniques. The ideal candidate will also have experience with Okta authentication protocols, a proven ability to compromise AWS & Google Cloud Compute resources, and a strong desire to automate tasks as well as build tooling for red team adversarial scenarios. Furthermore, the ideal candidate should have knowledge in secOps tooling / techniques, and must be comfortable communicating vulnerabilities to developers, technical leadership, and management through concise documentation of their work.
The most important quality is an “evil bit” - an innate ability to think and operate like an attacker while solving complex problems with expertise and creativity in your daily flow. We support externally publishing exciting findings inside and out of work in the form of papers, blog posts, and live presentations at conferences of your choice.
Job Duties and Responsibilities:
- Strong knowledge of AWS and/or Google Cloud Compute from an attacker perspective - demonstrate the ability to abuse trusted relationships and misconfigurations
- Strong experience utilizing and attacking secOps / techOps tooling, infrastructure, and automation
- Own relationships within Okta teams as a security SME for cloud security architecture and threat mitigations
- Work with 3rd party vendors to carefully test their products without causing outages or incidents
- Develop, implement, and communicate vulnerability mitigation strategies to development teams
- Think like an attacker to solve complex problems with expertise and ingenuity
- Build disposable, repeatable, and verifiable automation and infrastructure for ad-hoc engagements
- Give presentations and represent Okta in private or public venues
Required Knowledge, Skills, and Abilities:
- Experience architecting, evaluating, and building secure AWS or GCP solutions
- Experience performing security reviews of existing infrastructure and demonstrating vulnerabilities
- Experience using Terraform to build proof of concept environments
- Knowledge of current cryptographic algorithms and techniques
- Experience automating exploit testing and repetitive tasks
- 4+ years of experience penetration testing web applications and infrastructure
Desired Skills and Abilities:
- Experience building & maintaining team automation in AWS
- 3+ years of experience in security code review (Java, .Net, Go, C, C++, C#, Ruby, Perl, Python, etc.)
- Experience reverse engineering Linux, Windows, or mobile binaries
- Experience in research and presenting findings (internally or externally) in the security field
- Experience attacking and exploiting black box applications
- Bachelor's degree in Computer Science, Computer Engineering or equivalent experience preferred
Okta is an Equal Opportunity Employer.
Okta is rethinking the traditional work environment, providing our employees with the flexibility to be their most creative and successful versions of themselves, no matter where they are located. We enable a flexible approach to work, meaning for roles where it makes sense, you can work from the office, or from home, regardless of where you live. Okta invests in the best technologies and provides flexible benefits and collaborative work environments/experiences, empowering employees to work productively in a setting that best and uniquely suits their needs. Find your place at Okta https://www.okta.com/company/careers/.
By submitting an application, you agree to the retention of your personal data for consideration for a future position at Okta. More details about Okta’s privacy practices can be found at: https://www.okta.com/privacy-policy.