Staff Product Security Engineer
Job description
services, penetration testing methodologies, and secure design principles. A successful candidate will have expertise in authentication protocols (SAML, OAuth, OIDC), threat modeling, and a strong desire to automate security processes by building tools that proactively identify vulnerabilities. You will also be responsible for communicating risks, impact, and remediation strategies to developers, leadership, and external audiences through documentation, presentations, and external publications. The ideal candidate will additionally demonstrate a deep technical background in assessing AI-integrated software architectures and securing Large Language Models (LLMs) against emerging threats and modern vulnerability classes. The ideal candidate will have an attacker mindset: the ability to think critically, creatively, and like an adversary when solving security challenges. We actively support public disclosure of research and findings through white papers, blog posts, and conference presentations.

Requirements

Job Duties and Responsibilities
Conduct security reviews, including design reviews, threat modeling, and penetration testing of new features and major changes.
Identify and mitigate security vulnerabilities, providing clear guidance to engineering teams.
Lead product security incidents, assess risks, and drive remediation efforts.
Develop security tools and automation to improve vulnerability detection and assessment.
Mentor junior engineers and provide guidance to non-security staff on secure development practices.
Represent Okta externally through security research, conference talks, and publications.

Required Knowledge, Skills, and Abilities
Expertise in identifying OWASP Top 10 / CWE Top 25 vulnerabilities through manual code review.
Strong experience in penetration testing and secure development practices.
Deep technical background in assessing Large Language Models (LLMs) and securing AI-integrated software architectures.
Proficiency in multiple programming languages (Java, Go, Python, C/C++).
Deep understanding of authentication & authorization protocols (OIDC, SAML, OAuth).
Strong communication skills to explain risks and remediation to developers and leadership.
Ability to automate security testing using LLMs and scripting (Python, Bash, etc.).
Experience leading security incidents and risk assessments.

Desired Skills and Abilities
Experience in mobile (iOS/Android) and desktop (Windows/macOS) security testing.
Familiarity with SAST, DAST, SCA, and fuzzing tools.
Strong cryptographic knowledge and secure implementation practices.
Experience analyzing network protocols and traffic security.
Ability to develop proof-of-concept exploits to demonstrate vulnerabilities.

Salary and Benefits (Spain)
Annual base salary range: €74,000 EUR - €101,000 EUR. Okta offers equity (where applicable), bonus, comprehensive healthcare coverage, and financial benefits including paid time off and parental leave in accordance with applicable plans and policies.

Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and conviction records, consistent with applicable laws. If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding, please use this form to request an accommodation. Notice for New York City Applicants & Employees: Okta may use Automated Employment Decision Tools (AEDT), as defined by New York City Local Law 144, that us