What you'd actually do

Act as the central point for defining and evolving the architecture of Okta Federal’s SIPR/JWICS environments, ensuring alignment with DoD reference designs while tailoring them to Okta’s specific product needs.

Design resilient, scalable infrastructure-as-code (IaC) and blueprints for air-gapped environments, solving unique challenges related to disconnected operations, cross-domain solutions (CDS), and "sneaker-net" patch management.

Collaborate closely with Product Engineering (ORD), Site Reliability Engineers (SREs), Business Application teams, Collaboration Engineering teams, and Security teams to translate complex compliance controls (DISA STIGs, RMF) into automated technical implementations that minimize friction for developers.

Guide the selection and integration of "High Side" tools and technologies, prioritizing compliant, maintainable, and low-vulnerability solutions (e.g., utilizing Iron Bank hardened containers) that deliver a superior user experience for internal engineering teams.

Review and approve architectural changes and major system upgrades across the classified boundary, ensuring that operational drift does not introduce security risks or break compliance postures.

Skills

Required

12+ years of experience in systems architecture, DevSecOps engineering, or a similar role
5 years focused on DoD Classified environments (IL6/Secret or higher)
Deep expertise in the DoD software ecosystem, specifically with Platform One/Cloud One, Big Bang, and Iron Bank
Strong understanding of Kubernetes (EKS/RKE2) and container orchestration in air-gapped setups
Demonstrated hands-on experience architecting solutions that meet strict federal compliance frameworks, specifically DoD CC SRG IL6, NIST 800-53, and FIPS 140-3 cryptography standards
Proven experience working with Cross Domain Solutions (CDS) and architecting secure data transfer workflows between Low Side (IL5) and High Side (SIPR/JWICS) networks
Experience implementing Zero Trust Architecture (ZTA) principles in legacy or restrictive network environments
Excellent collaboration and communication skills

Nice to have

ability to solve complex "air gap" challenges outside the box

**Secure Every Identity, from AI to Human

**Identity is the key to unlocking the potential of AI. Okta secures AI by building the trusted, neutral infrastructure that enables organizations to safely embrace this new era. This work requires a relentless drive to solve complex challenges with real-world stakes. We are looking for builders and owners who operate with speed and urgency and execute with excellence.

This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.

Okta Federal, Inc. is seeking a seasoned Classified Systems Architect to join our Technology, Data & Intelligence (TDI) Team. This team is tasked with building and maintaining a robust, compliant, and scalable "High Side" developer platform that empowers our product teams to deliver Okta’s world-class Identity capabilities to the U.S. Government’s most sensitive missions.

As part of the TDI Team, this individual will serve as the technical authority for the design, development, and evolution of our development platform for US Classified environments. This position’s mandate is to define the architectural vision for our air-gapped infrastructure, select and validate hardened tooling (e.g., Big Bang, Iron Bank, etc), and bridge the gap between strict DoD compliance requirements and modern DevOps velocity.

You will partner closely with stakeholders across TDI, Product Engineering, Vulnerability Management, and Security Compliance to ensure that every component of the system—from the Kubernetes substrate to the application layer—is implemented as planned, secure by design, and optimized for user experience. Strong preference will be given to those with a bias for action and the ability to solve complex "air gap" challenges outside the box.

What you’ll be doing

Act as the central point for defining and evolving the architecture of Okta Federal’s SIPR/JWICS environments, ensuring alignment with DoD reference designs while tailoring them to Okta’s specific product needs.
Design resilient, scalable infrastructure-as-code (IaC) and blueprints for air-gapped environments, solving unique challenges related to disconnected operations, cross-domain solutions (CDS), and "sneaker-net" patch management.
Collaborate closely with Product Engineering (ORD), Site Reliability Engineers (SREs), Business Application teams, Collaboration Engineering teams, and Security teams to translate complex compliance controls (DISA STIGs, RMF) into automated technical implementations that minimize friction for developers.
Guide the selection and integration of "High Side" tools and technologies, prioritizing compliant, maintainable, and low-vulnerability solutions (e.g., utilizing Iron Bank hardened containers) that deliver a superior user experience for internal engineering teams.
Review and approve architectural changes and major system upgrades across the classified boundary, ensuring that operational drift does not introduce security risks or break compliance postures.
Measure success through a combination of quantitative metrics (platform uptime, ATO velocity, patch latency, vulnerability resolution time) and qualitative feedback (developer satisfaction, ease of deployment).
Establish the technical strategy for "High Side" observability and continuous monitoring, designing architectures that satisfy strict auditing requirements without sacrificing operational visibility.

What you’ll bring to the role

12+ years of experience in systems architecture, DevSecOps engineering, or a similar role, with at least 5 years focused on DoD Classified environments (IL6/Secret or higher).
Deep expertise in the DoD software ecosystem, specifically with Platform One/Cloud One, Big Bang, and Iron Bank. You should understand how to deploy, configure, and maintain these platforms in disconnected environments.
Strong understanding of Kubernetes (EKS/RKE2) and container orchestration in air-gapped setups, including the nuances of managing container registries, Helm charts, and sidecars without internet access.
Demonstrated hands-on experience architecting solutions that meet strict federal compliance frameworks, specifically DoD CC SRG IL6, NIST 800-53, and FIPS 140-3 cryptography standards.
Proven experience working with Cross Domain Solutions (CDS) and architecting secure data transfer workflows between Low Side (IL5) and High Side (SIPR/JWICS) networks.
Experience implementing Zero Trust Architecture (ZTA) principles in legacy or restrictive network environments.
Excellent collaboration and communication skills, with the ability to summarize and explain complex "High Side" constraints to uncleared Commercial stakeholders and influence decision-making across various business units.

Must be able to obtain and maintain a U.S. security clearance (Secret or Top Secret) to the extent required by U.S. Government contracts.

The selected candidate may be subject to drug testing to the extent required by U.S. Government contracts.

#LI-MK1

#LI-onsite

P24627_3360214

Below is the annual base salary range for candidates located in San Francisco Bay Area. Your actual base salary will depend on factors such as your skills, qualifications, experience, and work location. In addition, Okta offers equity (where applicable), bonus, and benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies. To learn more about our Total Rewards program please visit:https://rewards.okta.com/us.

The annual base salary range for this position for candidates located in the San Francisco Bay area is between:

$224,000—$308,000 USD

** The Okta Experience**

Supporting Your Well-Being
Driving Social Impact
Developing Talent and Fostering Connection + Community

We are intentional about connection. Our global community, spanning over 20 offices worldwide, is united by a drive to innovate. Your journey begins with an immersive, in-person onboarding experience designed to accelerate your impact and connect you to our mission and team from day one.

Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws.

If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding please use this Form to request an accommodation.

Notice for New York City Applicants & Employees: Okta may use Automated Employment Decision Tools (AEDT), as defined by New York City Local Law 144, that use artificial intelligence, machine learning, or other automated processes to assist in our recruitment and hiring process. In accordance with NYC Local Law 144, if you are an applicant or employee residing in New York City, please click here to view our full NYC AEDT Notice.

Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Personnel and Job Candidate Privacy Notice at https://www.okta.com/legal/personnel-policy/.