Get to know OktaOkta is The World’s Identity Company. We free everyone to safely use any technology, anywhere, on any device or app. Our flexible and neutral products, Okta Platform and Auth0 Platform, provide secure access, authentication, and automation, placing identity at the core of business security and growth.At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences. Join our team! We’re building a world where Identity belongs to you.

Okta’s Workforce Identity Cloud Security Engineering group is looking for an experienced and passionate Staff Site Reliability Engineer to join a team focused on designing and developing Security solutions to harden our cloud infrastructure. We embrace innovation and pave the way to transform bright ideas into excellent security solutions that help run large-scale, critical infrastructure. We encourage you to prescribe defense-in-depth measures, industry security standards and enforce the principle of least privilege to help take our Security posture to the next level. Our Infrastructure Security team has a niche skill-set that balances Security domain expertise with the ability to design, implement, rollout infrastructure across multiple cloud environments without adding friction to product functionality or performance. We are responsible for the ever-growing need to improve our customer safety and privacy by providing security services that are coupled with the core Okta product.

This is a high-impact role in a security-centric, fast-paced organization that is poised for massive growth and success. You will act as a liaison between the Security org and the Engineering org to build technical leverage and influence the security roadmap. You will focus on engineering security aspects of the systems used across our services. Join us and be part of a company that is about to change the cloud computing landscape forever.

As a Staff Engineer, you should be able to identify gaps, propose innovative solutions, and contribute to roadmaps while driving alignment across multiple teams within the organization. Additionally, you should serve as a role model, providing technical mentorship to junior team members and fostering a culture of learning and growth

What are we looking for?We are looking for a security-first SRE engineer who doesn't just "flag" issues but builds the automation to solve them. You should have a deep-seated intuition for cloud-native security and a proven track record of hardening large-scale GCP and AWS environments. As a Technical SME, you will design and build production infrastructure with a "security-at-scale" mindset.

What You Will Work On?Security Evangelism: Lead initiatives to strengthen our security posture for critical infrastructure and promote best practices across the engineering organization.Incident Response & Reliability: Respond to production security incidents, perform root cause analysis, and build automated preventions to ensure high performance and reliability.Automated Hardening: Identify manual security processes and automate them using custom tooling and CI/CD integrations.Architecture & Documentation: Develop technical documentation, runbooks, and procedures for a 24x7 online environment.Platform Evolution: Continuously evolve our monitoring platforms, moving from simple auditing to active, automated prevention.

Minimum Required Knowledge, Skills, & Abilities:Experience: 8+ years of experience architecting and running complex cloud networking and infrastructure, with at least 7+ years specialized in DevSecOps or Cloud Security.GCP Expertise: Minimum 3+ years of deep, hands-on experience securing GCP (GKE, GCE, Shared VPC etc).Infrastructure as Code (IaC): 10+ years of experience using Terraform and Chef to manage complex cloud resources and OS hardening.Automation Mastery: Expert-level proficiency in Go, Python, or Ruby for building custom security tooling and automated remediation.Hardened Containers: Proven track record of securing containerized workloads, including image scanning, K8s RBAC, and runtime security tools (e.g., CrowdStrike Falcon, Falco, or gVisor).Unflappable Troubleshooting: A "see a problem, fix the problem" mindset with the ability to debug complex networking, IAM, or performance issues under pressure.Security Foundations: Strong grasp of Linux internals, OS hardening (CIS benchmarks), and IP protocols (TLS/SSL, DNSSEC, BGP).Education: BS in Computer Science or equivalent professional experience.

Key Responsibilities:IAM & Secrets Management: Design and maintain large-scale production IAM policies and secrets management workflows .Infrastructure Hardening: Implement and maintain Public Key Infrastructure (PKI) and ensure all GCE/GKE environments meet strict compliance standards.Operational Excellence: Utilize industry-standard tools like OSQuery, Splunk, Chronicle, Nessus, or Qualys/ Crowdstrike to monitor system health and security telemetry.Strategic Rollouts: Lead the phased transition of security policies from Audit/Detection mode to Blocking/Prevention mode, ensuring zero impact on production uptime.

Bonus Points For:Multi-Cloud IAM Governance: Experience designing a unified IAM framework across AWS and GCP, utilizing federated Identities such as Workload, Workforce Identity Federation with understanding of SAML & OIDC auth mechanism and automated "Least Privilege" enforcement.Cloud-Native Reliability Engineering: Deep understanding of multi-cloud reliability patterns, maintaining high availability (HA) during security patching or infrastructure-wide hardening.Hardened Kubernetes Orchestration: Advanced experience securing GKE, EKS, and kOps, specifically implementing Pod Security Standards, Network Policies, and Admission Controllers for a "Zero-Trust" posture.Threat Modeling:Security Reviews & Threat Modeling at both Design & Implementation scope.

What you can look forward to as a Full-Time Okta employee!

• Amazing Benefits
• Making Social Impact
• Developing Talent and Fostering Connection + Community at Okta

Okta cultivates a dynamic work environment, providing the best tools, technology and benefits to empower our employees to work productively in a setting that best and uniquely suits their needs. Each organization is unique in the degree of flexibility and mobility in which they work so that all employees are enabled to be their most creative and successful versions of themselves, regardless of where they live. Find your place at Okta today! https://www.okta.com/company/careers/.Some roles may require travel to one of our office locations for in-person onboarding.

Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws. If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding please use this Form to request an accommodation.Notice for New York City Applicants & Employees: Okta may use Automated Employment Decision Tools (AEDT), as defined by New York City Local Law 144, that use artificial intelligence, machine learning, or other automated processes to assist in our recruitment and hiring process. In accordance with NYC Local Law 144, if you are an applicant or employee residing in New York City, please click here to view our full NYC AEDT Notice.Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Personnel and Job Candidate Privacy Notice at https://www.okta.com/legal/personnel-policy/.