**Secure Every Identity, from AI to Human
**Identity is the key to unlocking the potential of AI. Okta secures AI by building the trusted, neutral infrastructure that enables organizations to safely embrace this new era. This work requires a relentless drive to solve complex challenges with real-world stakes. We are looking for builders and owners who operate with speed and urgency and execute with excellence.
This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.
Okta’s Workforce Identity Cloud Security Engineering group is looking for an experienced and passionate Staff Site Reliability Engineer to join a team focused on designing and developing Security solutions to harden our cloud infrastructure. We embrace innovation and pave the way to transform bright ideas into excellent security solutions that help run large-scale, critical infrastructure. We encourage you to prescribe defense-in-depth measures, industry security standards and enforce the principle of least privilege to help take our Security posture to the next level. Our Infrastructure Security team has a niche skill-set that balances Security domain expertise with the ability to design, implement, rollout infrastructure across multiple cloud environments without adding friction to product functionality or performance. We are responsible for the ever-growing need to improve our customer safety and privacy by providing security services that are coupled with the core Okta product.
This is a high-impact role in a security-centric, fast-paced organization that is poised for massive growth and success. You will act as a liaison between the Security org and the Engineering org to build technical leverage and influence the security roadmap. You will focus on engineering security aspects of the systems used across our services. Join us and be part of a company that is about to change the cloud computing landscape forever.
As a Staff Engineer, you should be able to identify gaps, propose innovative solutions, and contribute to roadmaps while driving alignment across multiple teams within the organization. Additionally, you should serve as a role model, providing technical mentorship to junior team members and fostering a culture of learning and growth
**What are we looking for? **We are looking for a security-first SRE engineer who doesn't just "flag" issues but builds the automation to solve them. You should have a deep-seated intuition for cloud-native security and a proven track record of hardening large-scale **GCP **and **AWS **environments. As a Technical SME, you will design and build production infrastructure with a "security-at-scale" mindset.
What You Will Work On? Security Evangelism: Lead initiatives to strengthen our security posture for critical infrastructure and promote best practices across the engineering organization. Incident Response & Reliability: Respond to production security incidents, perform root cause analysis, and build automated preventions to ensure high performance and reliability. Automated Hardening: Identify manual security processes and automate them using custom tooling and CI/CD integrations. **Architecture & Documentation: **Develop technical documentation, runbooks, and procedures for a 24x7 online environment. **Platform Evolution: **Continuously evolve our monitoring platforms, moving from simple auditing to active, automated prevention.
**Minimum Required Knowledge, Skills, & Abilities: **Experience: 8+ years of experience architecting and running complex cloud networking and infrastructure, with at least 7+ years specialized in DevSecOps or Cloud Security. GCP Expertise: **Minimum 3+ years of deep, hands-on experience securing GCP (**GKE, GCE, Shared VPC etc). Infrastructure as Code (IaC): 10+ years of experience using Terraform and Chef to manage complex cloud resources and OS hardening. Automation Mastery: Expert-level proficiency in Go, Python, or Ruby for building custom security tooling and automated remediation. Hardened Containers: Proven track record of securing containerized workloads, including image scanning, K8s RBAC, and runtime security tools (e.g., CrowdStrike Falcon, Falco, or gVisor). Unflappable Troubleshooting: A "see a problem, fix the problem" mindset with the ability to debug complex networking, IAM, or performance issues under pressure. Security Foundations: Strong grasp of Linux internals, OS hardening (CIS benchmarks), and IP protocols (TLS/SSL, DNSSEC, BGP). Education: BS in Computer Science or equivalent professional experience.
**Key Responsibilities: **IAM & Secrets Management: Design and maintain large-scale production IAM policies and secrets management workflows . Infrastructure Hardening: Implement and maintain Public Key Infrastructure (PKI) and ensure all GCE/GKE environments meet strict compliance standards. Operational Excellence: Utilize industry-standard tools like OSQuery, Splunk, Chronicle, Nessus, or Qualys/ Crowdstrike to monitor system health and security telemetry. Strategic Rollouts: Lead the phased transition of security policies from Audit/Detection mode to Blocking/Prevention mode, ensuring zero impact on production uptime.
**Bonus Points For: **Multi-Cloud IAM Governance: Experience designing a unified IAM framework across AWS and GCP, utilizing federated Identities such as Workload, Workforce Identity Federation with understanding of SAML & OIDC auth mechanism and automated "Least Privilege" enforcement. Cloud-Native Reliability Engineering: Deep understanding of multi-cloud reliability patterns, maintaining high availability (HA) during security patching or infrastructure-wide hardening. Hardened Kubernetes Orchestration: Advanced experience securing GKE, EKS, and kOps, specifically implementing Pod Security Standards, Network Policies, and Admission Controllers for a "Zero-Trust" posture. Threat Modeling:Security Reviews & Threat Modeling at both Design & Implementation scope.
** The Okta Experience**
- Supporting Your Well-Being
- Driving Social Impact
- Developing Talent and Fostering Connection + Community
We are intentional about connection. Our global community, spanning over 20 offices worldwide, is united by a drive to innovate. Your journey begins with an immersive, in-person onboarding experience designed to accelerate your impact and connect you to our mission and team from day one.
Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws.
If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding please use this Form to request an accommodation.
Notice for New York City Applicants & Employees: Okta may use Automated Employment Decision Tools (AEDT), as defined by New York City Local Law 144, that use artificial intelligence, machine learning, or other automated processes to assist in our recruitment and hiring process. In accordance with NYC Local Law 144, if you are an applicant or employee residing in New York City, please click here to view our full NYC AEDT Notice.
Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Personnel and Job Candidate Privacy Notice at https://www.okta.com/legal/personnel-policy/.