Application Security Engineers on the DevSecOps Team are primarily responsible for adopting, deploying, fine-tuning, and developing tools, services and processes that enable automated vulnerability discovery.
We're looking for a Security Engineer to join the team to focus on Software Composition Analysis (SCA/OSS), taking ownership of and improving our current services, and expanding our collaboration with Engineering, Compliance and other internal stakeholders.
The most important quality we are looking for is someone who can think about application security at scale. We use available open source and commercially available products, but we complement and orchestrate these through automation developed in-house by our own team. You'll spend as much time coding as you'll spend thinking about how to improve Okta's security.
Job Duties and Responsibilities:
- Conduct selection and proof of concept for novel tools and techniques that'll help secure Okta's products and services against open source related risks
- Design and implement systems orchestrating our services, generating audit trails for every product release
- Deploy and manage SCA/OSS scanners
- Contribute to the definition of internal processes that allow for fast delivery of software to production systems through CI/CD pipelines, while meeting security gates with minimal effort
- Conduct evaluation of findings, and design and apply remediation for false positives
Required Knowledge, Skills, and Abilities:
- Experience automating vulnerability discovery and repetitive tasks. You may not consider yourself a professional software developer, but you can start small systems and read other people's code
- Experience with commercial and open source SCA/OSS security scanners
- Experience with CI/CD pipelines
- Knowledge of Web Application Penetration Testing
- Knowledge of security code reviews (Java, .Net, Go, C, C++, C#, Ruby, Perl, Python, etc.). You can read code and you can identify, explain, and propose remediations for the most common vulnerabilities in, at minimum, web applications
- Knowledge of AWS and/or Google Cloud Compute
- Python, or similar, programming experience, including use of SQL databases
- You feel comfortable reaching out to people across the organization to find the answers you need
The ideal candidate has both strong application security knowledge and software development experience. You'll be asked to describe typical application security vulnerabilities. You'll be asked to show proficiency in coding small to medium programming tasks.
- Experience in research and presenting findings (internally or externally) in the security field
- Experience with Static Code Analysis, either through custom systems or commercial tools
- In-depth knowledge of networking, especially in cloud environments
- Experience with Infrastructure as Code
- Bachelor's degree in Computer Science, Computer Engineering or equivalent experience is a plus
Okta is an Equal Opportunity Employer.
Okta is rethinking the traditional work environment, providing our employees with the flexibility to be their most creative and successful versions of themselves, no matter where they are located. We enable a flexible approach to work, meaning for roles where it makes sense, you can work from the office, or from home, regardless of where you live. Okta invests in the best technologies and provides flexible benefits and collaborative work environments/experiences, empowering employees to work productively in a setting that best and uniquely suits their needs. Find your place at Okta https://www.okta.com/company/careers/.
By submitting an application, you agree to the retention of your personal data for consideration for a future position at Okta. More details about Okta’s privacy practices can be found at: https://www.okta.com/privacy-policy.