Senior Offensive Security Engineer

Job Overview

Offensive Security Engineers are responsible for attacking the Okta platform, code, vendors, and infrastructure, building automation to solve complex problems, and participating in red team adversarial engagements.

 

This is not a position in which someone who works only with scanner-based vulnerabilities will be successful. The ideal candidate will be required to demonstrate technical knowledge of webapp, appsec, and backend testing methodology and techniques. Experience with Okta authentication protocols and a strong desire to automate tasks and build tooling for red team adversarial scenarios are a plus. Furthermore, the ideal candidate should be comfortable communicating vulnerabilities to developers, technical leadership, and management through concise documentation of their work.

 

The most important quality is an “evil bit” - an innate ability to think and operate like an attacker while solving complex problems with expertise and creativity in your daily flow. We support externally publishing exciting findings from inside and outside of work in the form of papers, blog posts, and live presentations at conferences of your choice.

Job Duties and Responsibilities:

  • Knowledge of AWS and/or Google Cloud Compute from an attacker perspective
  • Experience utilizing and attacking secOps / techOps tooling, infrastructure, and automation
  • Own relationships within Okta teams as a security SME for architecture and threat mitigations
  • Work with 3rd party vendors to carefully test their products without causing outages or incidents
  • Develop, implement, and communicate vulnerability mitigation strategies to development teams
  • Work solo and collaboratively while delivering simultaneous projects on a deadline
  • Think like an attacker to solve complex problems with expertise and ingenuity
  • Give presentations and represent Okta in private or public venues

 

Required Knowledge, Skills, and Abilities:

  • Knowledge of current cryptographic algorithms and techniques
  • Experience automating exploit testing and repetitive tasks
  • Experience providing security architecture guidance and mitigations to teams
  • 3+ years experience penetration testing web applications and infrastructure

 

Desired Skills and Abilities:

  • 2+ years experience in security code review (Java, .Net, Go, C, C++, C#, Ruby, Perl, Python, etc.)
  • Experience reverse engineering Linux, Windows, or mobile binaries
  • Experience in research and presenting findings (internally or externally) in the security field
  • Experience attacking and exploiting black box applications
  • Experience building & maintaining team automation in AWS

 

Education:

  • Bachelor's degree in Computer Science, Computer Engineering or equivalent experience preferred

 


Okta is an Equal Opportunity Employer.

Okta is rethinking the traditional work environment, providing our employees with the flexibility to be their most creative and successful versions of themselves, no matter where they are located.  We enable a flexible approach to work, meaning for roles where it makes sense, you can work from the office, or from home, regardless of where you live.  Okta invests in the best technologies and provides flexible benefits and collaborative work environments/experiences, empowering employees to work productively in a setting that best and uniquely suits their needs.  Find your place at Okta https://www.okta.com/company/careers/. 

By submitting an application, you agree to the retention of your personal data for consideration for a future position at Okta.  More details about Okta’s privacy practices can be found at: https://www.okta.com/privacy-policy.
