Staff Product Security Engineer, Software Supply Chain

Full Time
Toronto, ON, Canada
4 months ago

Get to know Okta

Okta is The World’s Identity Company. We free everyone to safely use any technology, anywhere, on any device or app. Our flexible and neutral products, Okta Platform and Auth0 Platform, provide secure access, authentication, and automation, placing identity at the core of business security and growth.

At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences. Join our team! We’re building a world where Identity belongs to you.

Staff Product Security Engineer - Software Supply Chain Security Team

We are looking for a talented Security Engineer to join our Software Supply Chain Security Team and help us enhance our application security program. As a Staff Product Security Engineer, you will be responsible for assessing the security of various aspects of Okta's Software Supply Chain Security posture, generating requirements, implementing services, and contributing to the definition of processes that mitigate risk in this space.

The ideal candidate is someone who can think about SDLC security holistically, including aligning with the emerging requirements around Software Transparency and Supply Chain Security.  

Your main responsibilities will include:

  • Conducting evaluations of novel tools and techniques that can help secure our products through robust discovery of potential security vulnerabilities
  • Designing individual components of our automation architecture through end-to-end and data-driven approaches
  • Working with Engineering and other teams in the Security organization to define and execute projects pursuing our security goals
  • Contributing to the definition of internal processes that allow for fast delivery of software to production systems through CI/CD pipelines while meeting security quality criteria with minimal effort
  • Contributing to the implementation, enhancement, and support of initiatives around Software Composition Analysis, software transparency, SDLC hardening, and vulnerability management
  • Implementing automation, at times leading the implementation of internal, in-house developed systems that meet Okta-specific requirements
  • Participating in weekly rotations to support our Engineering team when triaging and remediating findings related to the team's initiatives

To be considered for this role, you should have:

  • At least 5-7 years of experience in a similar role with a strong focus on security automation and application security at scale.
  • Experience with commercial and open-source security scanners in the SCA space, or provable experience implementing hardening measures in SDLC pipelines 
  • Functional knowledge of security code reviews (Java, .Net, Go, C, C++, C#, Ruby, Perl, Python, etc.). You should be able to read code and identify, explain, and propose remediations for the most common vulnerabilities in, at least, code bases for web applications in one of the languages listed.
  • Advanced knowledge of network and application security
  • Software development experience in Python, or in similar languages with openness to learning Python.

Additional skills we're looking for include:

  • Knowledge of at least one of AWS, GCP, Azure, etc.
  • Experience with CI/CD pipelines, either on-prem or cloud.
  • Experience defining projects, including goals, resourcing, activities, targets, and milestones, and producing good effort estimations.

Qualifications:

  • Bachelor's degree in Computer Science, Computer Engineering, or equivalent experience
  • Industry certifications related to Software Supply Chain Security, or more broadly to Application and Network Security, are a plus

At our company, we value collaboration, teamwork, and innovation. This role will report to the Director of Application Security and will work closely with other members of the DevSecOps team. We are passionate about what we do and strive to create an inclusive and diverse workplace where everyone can thrive. If you are excited about this opportunity and meet the qualifications listed above, we encourage you to apply. We look forward to hearing from you.

 

Below is the annual salary range for candidates located in Canada. Your actual salary will depend on factors such as your skills, qualifications, and experience. In addition, Okta offers equity (where applicable), bonus, and benefits, including health, dental, and vision insurance, RRSP with a match, healthcare spending, telemedicine, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies. To learn more about our Total Rewards program, please visit: https://rewards.okta.com/can.

The annual base salary range for this position for candidates located in Canada is between $141,000 and $211,000 CAD.

What you can look forward to as a Full-Time Okta employee!

  • Amazing Benefits
  • Making Social Impact
  • Developing Talent and Fostering Connection + Community at Okta

Okta cultivates a dynamic work environment, providing the best tools, technology and benefits to empower our employees to work productively in a setting that best and uniquely suits their needs. Each organization is unique in the degree of flexibility and mobility in which they work so that all employees are enabled to be their most creative and successful versions of themselves, regardless of where they live. Find your place at Okta today! https://www.okta.com/company/careers/.

Some roles may require travel to one of our office locations for in-person onboarding.

Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and conviction records, consistent with applicable laws. If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding, please use this Form to request an accommodation.

Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Privacy Policy at https://www.okta.com/privacy-policy/.