What you'd actually do

Drive the Roadmap: Act as a primary stakeholder for Okta’s product teams. Translate your real-world experience securing agents into prioritized feature requests and product requirements.

Define a multi-year roadmap for Non-Human Identities (NHIs) and AI Agents aligned with Zero Trust (NIST 800-207) and Okta’s Secure Identity Commitment.

Use ISPM (Identity Security Posture Management) to discover unmanaged AI agents and eliminate "Identity Debt" across the enterprise.

Architect secure Cross-App Access patterns where agents act as intermediaries between enterprise systems.

Refine how user identity is "brokered" to an agent (e.g. OAuth2 Token Exchange), ensuring the agent never has more power than the human user who triggered it.

Skills

Required

7+ years in IAM/Security Architecture
strategy work across workforce, customer, and Non-Human Identities (NHIs)
Deep knowledge of the core protocols OAuth2/OIDC (especially Token Exchange), SAML, mTLS, JWT, and Model Context Protocol (MCP)
Hands-on experience with Modern Identity framework SPIFFE/SPIRE
Ability to author Architecture Decision Records (ADR) and influence at the VP/CTO level

Nice to have

Prior work shaping identity strategy for autonomous/agent systems, multi-agent delegation, or brokered access patterns
Exposure to policy-as-code (OPA/Cedar) and service-mesh identity
Certifications such as CISSP-ISSAP, CCSP, or TOGAF

What the JD emphasized

securing autonomous agents at scale

seen how traditional OAuth flows break under agentic pressure

felt the pain of "Secret Zero" in a LangChain loop

know exactly where the industry’s current tools fall short

Proven track record of securing AI agents and non-human identities in a production environment

deep understanding of the "identity gaps" in current AI frameworks

**Secure Every Identity, from AI to Human

**Identity is the key to unlocking the potential of AI. Okta secures AI by building the trusted, neutral infrastructure that enables organizations to safely embrace this new era. This work requires a relentless drive to solve complex challenges with real-world stakes. We are looking for builders and owners who operate with speed and urgency and execute with excellence.

This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.

The Identity Team

The Identity team’s mission is to strengthen Okta’s position as the leading Identity-as-a- Service solution through identifying and resolving risks to the employees, product, and most importantly, our customers. With the ever-increasing pace of cloud application adoption, companies are struggling to find ways to accurately assess risk and act at the speed of their business.

The AI Identity Architect Opportunity

Reporting to the VP of Identity & Access Management, this role will be an AI Identity Pioneer, not just an IAM expert. Your "been there, done that" experience in securing autonomous agents at scale is your superpower. You’ve seen how traditional OAuth flows break under agentic pressure, you’ve felt the pain of "Secret Zero" in a LangChain loop, and you know exactly where the industry’s current tools fall short. At Okta, you won't just implement security; you will use your battle-tested experience to drive the product features needed to secure the next generation of identities.

The AI Identity Architect's mission is to own Okta’s enterprise identity strategy for autonomous AI agents. As Customer Zero,** **you will implement Okta on Okta—validating identity patterns at production scale, feeding direct input into product roadmaps, and partnering with business units building internal agentic systems.

**What you’ll be doing **

Product Vision & Architecture (The "Ratified R0")

Drive the Roadmap: Act as a primary stakeholder for Okta’s product teams. Translate your real-world experience securing agents into prioritized feature requests and product requirements.
Target State: Define a multi-year roadmap for Non-Human Identities (NHIs) and AI Agents aligned with Zero Trust (NIST 800-207) and Okta’s Secure Identity Commitment.
Posture First: Use ISPM (Identity Security Posture Management) to discover unmanaged AI agents and eliminate "Identity Debt" across the enterprise.

Cross-App Access & Brokered Delegation

Agent-to-App Connectivity: Architect secure Cross-App Access patterns where agents act as intermediaries between enterprise systems.
Delegated Authority: Refine how user identity is "brokered" to an agent (e.g. OAuth2 Token Exchange), ensuring the agent never has more power than the human user who triggered it.
Session Scoping: Implement context-bound, short-lived tokens to prevent lateral movement by a compromised agent.

Okta Customer Zero -- Validate and publish patterns using Okta primitives to secure the AI lifecycle for:

Okta Identity Engine & Auth0: Define how AI agents prove their identity within AuthN/AuthZ core concepts, implementing rigorous protocols for secure access delegation like OAuth2/OIDC, mTLS, and SPIFFE/SPIRE for workload attestation.
Okta Privilege Access: Implement JIT/JEA access and ephemeral, vaulted secrets for agent tool-use.
Okta Identity Governance & Workflows: Automate the Joiner-Mover-Leaver (JML) lifecycle for agents, including automated certification and revocation.
Fine-Grained Authorization: Implement ReBAC for intent-bound decisions (e.g., "Can this agent access the Finance API on behalf of the CFO?").
Serve as "Customer Zero" by architecting and stress-testing internal AI security frameworks, translating real-world deployment lessons into a continuous stream of public-facing white papers, blogs, and technical guides to steer industry best practices.

AI Ecosystem & Tech Stack Integration -- Define how Okta identity is woven into modern AI orchestration layers:

Orchestration: Secure identity patterns such as LangChain, LangGraph, AutoGPT, CrewAI, LlamaIndex, and Semantic Kernel.
Architect secure connectivity to AI model providers such as Azure OpenAI, AWS Bedrock, Google Vertex AI, OpenAI API, and Anthropic.

What you’ll bring to the role

The "Been There" Factor: Proven track record of securing AI agents and non-human identities in a production environment. You have a deep understanding of the "identity gaps" in current AI frameworks.
Experience: 7+ years in IAM/Security Architecture; proven strategy work across workforce, customer, and Non-Human Identities (NHIs).
Deep knowledge of the core protocols OAuth2/OIDC (especially Token Exchange), SAML, mTLS, JWT, and Model Context Protocol (MCP).
Hands-on experience with Modern Identity framework SPIFFE/SPIRE.
Ability to author Architecture Decision Records (ADR) and influence at the VP/CTO level, while simultaneously acting as a peer to Product Management.

**And extra credit if you have experience in any of the following! **

Prior work shaping identity strategy for autonomous/agent systems, multi-agent delegation, or brokered access patterns.
Exposure to policy-as-code (OPA/Cedar) and service-mesh identity.
Certifications such as CISSP-ISSAP, CCSP, or TOGAF are welcome but not required or expected.

#LI-SM1

#LI-Hybrid

#LI-Remote

P21621_3398002

The annual base salary range for this position for candidates located in the San Francisco Bay area is between:

$242,000—$332,000 USD

Below is the annual base salary range for candidates located in California (excluding San Francisco Bay Area), Colorado, Illinois, New York and Washington. Your actual base salary will depend on factors such as your skills, qualifications, experience, and work location. In addition, Okta offers equity (where applicable), bonus, and benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies. To learn more about our Total Rewards program please visit: https://rewards.okta.com/us.

The annual base salary range for this position for candidates located in California (excluding San Francisco Bay Area), Colorado, Illinois, New York, and Washington is between:

$216,000—$297,000 USD

** The Okta Experience**

Supporting Your Well-Being
Driving Social Impact
Developing Talent and Fostering Connection + Community

We are intentional about connection. Our global community, spanning over 20 offices worldwide, is united by a drive to innovate. Your journey begins with an immersive, in-person onboarding experience designed to accelerate your impact and connect you to our mission and team from day one.

Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws.

If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding please use this Form to request an accommodation.

Notice for New York City Applicants & Employees: Okta may use Automated Employment Decision Tools (AEDT), as defined by New York City Local Law 144, that use artificial intelligence, machine learning, or other automated processes to assist in our recruitment and hiring process. In accordance with NYC Local Law 144, if you are an applicant or employee residing in New York City, please click here to view our full NYC AEDT Notice.

Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Personnel and Job Candidate Privacy Notice at https://www.okta.com/legal/personnel-policy/.