Senior Forward Deployed Engineer

• Become the customer's trusted technical voice on agent security. Sit in their standups, design reviews, and incident response. Earn a seat on their architecture review board and security council for agent risk decisions.
• Architect and deploy with the customer's team. Build Okta's agent security stack into their infrastructure: Cross-App Access (XAA), Fine-Grained Authorization (FGA), MCP Gateway, and agent client registration. Own the identity, delegation, audit, and kill-switch architecture end to end, and coach their engineers on the patterns.
• Engage senior leadership. Brief the CISO, CIO, identity leaders, Chief AI Officer, and principal architects. Translate token-exchange flows into board-level agent risk, and AI governance mandates into architecture.
• Deliver white-glove deployment. Agents in production with full identity coverage, security review passed, governance requirements met, and posture visibility online. The customer points to you as the reason their agent program is real.
• Keep deployments defensible. Align architecture decisions to OWASP Top 10 for Agentic Applications, NIST AI RMF, and MITRE ATLAS, and to HIPAA, FedRAMP, or SOC 2 where the customer is regulated.
• Wire Okta into the customer's stack. Connect O4AA to their IdP for human-to-agent links, IGA for agent lifecycle, ISPM for posture, SIEM and EDR for behavior coverage, and policy engines for runtime decisions.
• Build evals and observability. Authorization decision latency, scope sprawl across agents, anomalous delegation chains, audit completeness, kill-switch verification, and rogue agent detection.
• Turn field patterns into product. Extract the recurring gaps from their architects and governance leads, and convert them into reusable modules and roadmap fixes that ship for every other customer.
• Be on site. Regular presence at customer locations. Trust and governance alignment happen in the room.

• Engineering pedigree. 7+ years shipping production software, still hands-on in the IDE, with on-call experience and operational maturity in systems that authenticate and authorize at high throughput.
• Identity protocols. OAuth 2.0, OIDC, SAML, SCIM, RFC 8693 token exchange, act claims, CIMD and DCR, DPoP.
• Agent security frameworks. Working knowledge of OWASP Top 10 for Agentic Applications, NIST AI RMF, and MITRE ATLAS. Familiarity with MCP, A2A, ISO/IEC 42001, and the EU AI Act. Comfortable mapping deployments to HIPAA, FedRAMP, and SOC 2.
• Fine-grained authorization. ReBAC and ABAC with policy engines (OPA, Cedar, OpenFGA, or equivalent), and a working understanding of how agents acquire tokens, call APIs, and delegate.
• AI hands-on. Built production integrations with Claude, ChatGPT, Microsoft Copilot, Agentforce, Bedrock, LangChain, CrewAI, the OpenAI Agents SDK, or MCP servers.
• AI-native development. Daily use of Claude Code, Cursor, GitHub Copilot, or equivalent.
• Customer-facing range. At home in a customer standup and a CISO briefing on the same day. You build trust with senior engineering leaders and you stay in the room when their internal politics get sharp.
• High agency, founder's mindset. A zero-to-one self-starter who owns outcomes end to end.

Below is the annual base salary range for candidates located in California (excluding San Francisco Bay Area), Colorado, Illinois, New York and Washington. Your actual base salary will depend on factors such as your skills, qualifications, experience, and work location. In addition, Okta offers equity (where applicable), bonus, and benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies. To learn more about our Total Rewards program please visit: https://rewards.okta.com/us. The annual base salary range for this position for candidates located in California (excluding San Francisco Bay Area), Colorado, Illinois, New York, and Washington is between: $200,000 - $275,000 USD

The Okta Experience

• Supporting Your Well-Being
• Driving Social Impact
• Developing Talent and Fostering Connection + Community

We are intentional about connection. Our global community, spanning over 20 offices worldwide, is united by a drive to innovate. Your journey begins with an immersive, in-person onboarding experience designed to accelerate your impact and connect you to our mission and team from day one.

Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws.

If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding pleaseuse this Form to request an accommodation.

Notice for New York City Applicants & Employees: Okta may use Automated Employment Decision Tools (AEDT), as defined by New York City Local Law 144, that use artificial intelligence, machine learning, or other automated processes to assist in our recruitment and hiring process. In accordance with NYC Local Law 144, if you are an applicant or employee residing in New York City, pleaseclick here to view our full NYC AEDT Notice.

Identity is the key to unlocking the potential of AI. Okta secures AI by building the trusted, neutral infrastructure that enables organizations to safely embrace this new era. This work requires a relentless drive to solve complex challenges with real-world stakes. We are looking for builders and owners who operate with speed and urgency and execute with excellence. This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk. About Okta for AI Agents Okta secures access for 20,000 organizations and billions of users. Okta for AI Agents extends that work to the agentic shift. Deploying an AI agent is not like deploying traditional software. You are putting professional work output into production, and it needs deep integration, continuous tuning, and change management. Every agent needs an identity, a scope, an audit trail, and a way to be shut down when it goes wrong. Most enterprises have not built this yet. We are. We hire builders who see the cracks in enterprise agent identity that everyone else has learned to live with.