Product Security Engineer, Security Reviews

Get to know Okta

Okta is The World’s Identity Company. We free everyone to safely use any technology—anywhere, on any device or app. Our Workforce and Customer Identity Clouds enable secure yet flexible access, authentication, and automation that transforms how people move through the digital world, putting Identity at the heart of business security and growth.

At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences.

Join our team! We’re building a world where Identity belongs to you.

As a Product Security Engineer, you will be responsible for conducting security reviews, code audits, and penetration tests across Okta’s products. You will collaborate with engineering teams to identify security vulnerabilities, recommend mitigations, and educate teams on security best practices. This role provides an opportunity to build technical expertise in web application security, authentication protocols, and vulnerability assessment methodologies.

This role is ideal for candidates looking to grow their technical depth in security, with opportunities to work on real-world security challenges, mentor with senior engineers, and contribute to security tooling and automation.

We value an attacker mindset—the ability to think like an adversary when assessing security risks. If you're excited about solving security challenges, learning new techniques, and making an impact on product security, this role is for you.

Job Duties and Responsibilities:

• Conduct security reviews, including design reviews, threat modeling, and penetration testing of new features and major changes.
• Conduct penetration tests on web applications, services, and infrastructure.
• Identify and report security vulnerabilities, providing clear mitigation strategies.
• Collaborate with engineers to improve security awareness and secure coding practices.
• Develop and enhance security tools and automation to identify vulnerabilities more efficiently.
• Assist in handling externally reported security vulnerabilities by investigating and validating reports.
• Stay up to date on emerging security threats and research new attack techniques.
  
  

Required Knowledge, Skills, and Abilities:

• Knowledge of web application security fundamentals and the OWASP Top 10 / CWE Top 25 vulnerabilities.
• Ability to perform manual secure code reviews in Java, .NET, Go, C, C++, Python, Swift, Kotlin, or similar languages.
• Hands-on experience with penetration testing techniques and tools like Burp Suite.
• Understanding of modern web application components, architecture, and security principles.
• Ability to explain security risks and remediation options to developers and product teams.
• Basic proficiency in scripting (Python, Bash, or similar) for security automation.
  
  

Desired skills and Abilities:

• Familiarity with authentication and authorization protocols (OIDC, SAML, OAuth).
• Experience with mobile application security testing (Android/iOS).
• Exposure to SAST, DAST, SCA, or fuzzing tools.
• Understanding of cryptographic principles and secure implementations.
• Interest in network security, protocol analysis, and vulnerability exploitation techniques.
• Experience creating proof-of-concept scripts to demonstrate security findings.
  
  

What you can look forward to as a Full-Time Okta employee!

• Amazing Benefits
• Making Social Impact
• Fostering Diversity, Equity, Inclusion and Belonging at Okta
  
  

Okta cultivates a dynamic work environment, providing the best tools, technology and benefits to empower our employees to work productively in a setting that best and uniquely suits their needs. Each organization is unique in the degree of flexibility and mobility in which they work so that all employees are enabled to be their most creative and successful versions of themselves, regardless of where they live. Find your place at Okta today! https://www.okta.com/company/careers/.

Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws. If reasonable accommodation is needed to participate in the job application, interview process, or onboarding please use this Form to request an accommodation.

Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Privacy Policy at https://www.okta.com/privacy-policy/.