Staff Product Security Engineer
Job description
Okta, Inc. is seeking a Staff Product Security Engineer in Bellprat, Spain. In this role, you will conduct security reviews, guide engineering teams on secure development practices, and handle vulnerabilities. The ideal candidate will have deep technical knowledge in authentication protocols and experience automating security processes.
Your responsibilities will include leading product security incidents and mentoring junior engineers. Join us and contribute to our mission of securing identities!
- Conduct security reviews and penetration testing of new features.
- Develop security tools and automation for vulnerability detection.
- Lead product security incidents and assess risks.
Skills
- Expertise in OWASP Top 10 / CWE Top 25 vulnerabilities
- Penetration Testing
- Secure Development Practices
- Authentication & Authorization Protocols (OIDC, SAML, OAuth)
- Multiple Programming Languages (Java, Go, Python, C/C++)

Job description

Secure Every Identity, from AI to Human

Identity is the key to unlocking the potential of AI. Okta secures AI by building the trusted, neutral infrastructure that enables organizations to safely embrace this new era. This work requires a relentless drive to solve complex challenges with real-world stakes. We are looking for builders and owners who operate with speed and urgency and execute with excellence.

This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.

As a Staff Product Security Engineer, you will play a critical role in safeguarding Okta's products by conducting comprehensive security reviews, guiding engineering teams in secure development practices, and handling externally reported vulnerabilities. You will engage in code reviews, penetration testing, and architectural security assessments to ensure the security of Okta's platforms and features.

This role is not suited for individuals who rely solely on automated vulnerability scanning. Instead, you must possess a deep technical understanding of web applications, backend services, penetration testing methodologies, and secure design principles.

A successful candidate will have expertise in authentication protocols (SAML, OAuth, OIDC), threat modeling, and a strong desire to automate security processes by building tools that proactively identify vulnerabilities. You will also be responsible for communicating risks, impact, and remediation strategies to developers, leadership, and external audiences through documentation, presentations, and external publications.
The ideal candidate will also demonstrate a deep technical background in assessing AI-integrated software architectures and securing Large Language Models (LLMs) against emerging threats and modern vulnerability classes.

The ideal candidate will have an attacker mindset: the ability to think critically, creatively, and like an adversary when solving security challenges. We actively support public disclosure of research and findings through white papers, blog posts, and conference presentations.

Requirements
- Strong experience in penetration testing and secure development practices.
- Ability to automate security testing using LLMs and scripting.
- Strong communication skills to explain risks and remediation to stakeholders.

Job Duties and Responsibilities:
- Conduct security reviews, including design reviews, threat modeling, and penetration testing of new features and major changes.
- Perform manual secure code reviews across multiple programming languages.
- Identify and mitigate security vulnerabilities, providing clear guidance to engineering teams.
- Lead product security incidents, assess risks, and drive remediation efforts.
- Develop security tools and automation to improve vulnerability detection and assessment.
- Mentor junior engineers and provide guidance to non-security staff on secure development practices.
- Represent Okta externally through security research, conference talks, and publications.

Required Knowledge, Skills, and Abilities:
- Expertise in identifying OWASP Top 10 / CWE Top 25 vulnerabilities through manual code review.
- Strong experience in penetration testing and secure development practices.
- Deep technical background in assessing Large Language Models (LLMs) and securing AI-integrated software architectures.
- Proficiency in multiple programming languages (e.g., Java, Go, Python, C/C++).
- Deep understanding of authentication & authorization protocols (OIDC, SAML, OAuth).
- Strong communication skills to explain risks and remediation to developers and leadership.
- Ability to automate security testing using LLMs and scripting (Python, Bash, etc.).
- Experience leading security incidents and risk assessments.

Desired Skills and Abilities:
- Experience in mobile (iOS/Android) and desktop (Windows/macOS) security testing.
- Familiarity with SAST, DAST, SCA, and fuzzing tools.
- Strong cryptographic knowledge and secure implementation practices.
- Experience analyzing network protocols and traffic security.
- Ability to develop proof-of-concept exploits to demonstrate vulnerabilities.

Below is the annual salary
range for candidates located in Spain. Your actual salary will depend on factors such as your skills, qualifications, and experience.

Benefits & conditions

In addition, Okta offers equity (where applicable), bonus, and comprehensive healthcare coverage and financial benefits including paid time off and parental leave in accordance with our applicable plans and policies. To learn more about our Total Rewards program, please visit: https://rewards.okta.com/esp.

The annual base salary range for this position for candidates located in Spain is between: €74.000-€101.000 EUR

The Okta Experience
- Supporting Your Well-Being
- Driving Social Impact
- Developing Talent and Fostering Connection + Community

We are intentional about connection. Our global community, spanning over 20 offices worldwide, is united by a drive to innovate. Your journey begins with an immersive, in-person onboarding experience designed to accelerate your impact and connect you to our mission and team from day one.

Okta is an Equal Opportunity Employer. All qualified applicants will receive