We are looking for a Product Security Engineer with a passion for building and breaking things to solve security problems in partnership with our Engineering teams. You will have a chance to apply your skills and passion to improve the security of our product on a daily basis. You will facilitate and support Architecture, Engineering and Product teams to embed security into every stage of the product life cycle.
- Security Partnership for new product development, contributing security-focused feedback during all phases of the development lifecycle
- Build threat models and conduct risk assessments.
- Perform technical security assessments on our web applications, internal services, and partner applications.
- Perform design and code reviews, both manual and with analysis tools.
- Seek opportunities to optimize tools / technology & processes when appropriate
- Scale the security engineering initiatives through direct mentorship of security champions.
- Represent the Auth0 security team by engaging periodically in internal and external speaking engagements
- Identify emerging classes of vulnerabilities and drive closure on remediations and prevention.
- Efficiently perform offensive security testing and work with vendors on 3rd party penetration test exercises
- Embed security assurance scans as an integral part of the CI/CD pipeline and influence a shift-left approach to security
Our Ideal Candidate will have:
- Strong understanding of Web application security, including exploitation, identification, and remediation of code and design flaws.
- Expertise in secure development practices, testing, and techniques.
- Experience with security tools (SAST, SCA, DAST, fuzzers, etc.).
- Ability to explain complex security issues and their impact to diverse audiences.
- Experience building high trust security software.
- Experience with risk management methodologies, design control, threat modeling, vulnerability ranking and product enhancements
- Design, test and implement scalable security solutions
- Automate security controls to reduce our attack surface, proactively seek out vulnerabilities, and decrease response and recovery times
- Discuss and present technical matters with business people and business matters with cross functional teams.
Also Nice to have:
- Experience with implementing identity and access management and/or process isolation and sandboxing.
Okta is an Equal Opportunity Employer/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and conviction records, consistent with applicable laws. If reasonable accommodation is needed to participate in the job application or interview process, please use this Form to request an accommodation.
Okta offers everything you need to support your work, your life, and your work-life balance. Click here to learn more: https://rewards.okta.com/us
Okta is rethinking the traditional work environment, providing our employees with the flexibility to be their most creative and successful versions of themselves, no matter where they are located. We enable a flexible approach to work, meaning for roles where it makes sense, you can work from the office, or from home, regardless of where you live. Okta invests in the best technologies and provides flexible benefits and collaborative work environments/experiences, empowering employees to work productively in a setting that best and uniquely suits their needs. Find your place at Okta https://www.okta.com/company/careers/.