Okta

Staff Product Security Engineer

Okta$161K — $221K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years in information security with a focus on application security or AI/ML security.
  • Hands-on experience assessing vulnerabilities in LLM-integrated systems and agentic AI architectures.
  • Ability to model adversary behavior with agentic systems.
  • Experience building security tooling and automation for engineering use.
  • Proficiency in at least two programming languages, including Python and another such as Go, Java, TypeScript, or C/C++.
  • Advanced skills in threat modeling, manual code review, and penetration testing in distributed systems.
  • Knowledge of OIDC, OAuth 2.0, SAML authentication protocols and associated risks.
  • Strong ability to communicate technical concepts clearly to diverse audiences.

Responsibilities

  • Conduct offensive security research on agentic AI systems, addressing prompt injection and privilege escalation.
  • Assess security of Okta's AI platforms, including design, code, and runtime.
  • Build reusable security tools to enhance team capabilities.
  • Operate the AI security vendor evaluation program, benchmarking various tools.
  • Perform manual code reviews on AI and agent-based implementations across languages.
  • Develop threat models for agentic architectures and services integrated with LLMs.
  • Translate security research findings into practical guidance for engineering teams.
  • Mentor colleagues in AI security concepts and assessment methodologies.

Benefits

  • Health, dental, and vision insurance.
  • 401(k) plan options.
  • Flexible spending account availability.
  • Paid leave policies, including PTO and parental leave.
  • Equity options and performance bonuses as applicable.
Full Job Description
The Staff Product Security Engineer Opportunity

The Security team's mission is to strengthen Okta's position as the leading Identity-as-a-service solutions provider by identifying and resolving risks to employees, products, and, most importantly, our customers.

The Staff Product Security Engineer joins a team with a single mandate: get ahead of the security risks introduced by agentic systems before they become operational reality at Okta. This is a research and engineering role. The work is long-horizon and adversarial: understanding how prompt injection propagates through an agent with write access to a code repository, how privilege escalation manifests in an orchestration model with dynamic tool bindings, and what an agentic supply-chain attack looks like against an internal developer platform. The findings this team produces shape SDL requirements, feed reusable security tooling across all of Product Security, and drive Okta's AI and agent-based system security approach at the design level.

The ideal candidate thinks like an attacker, builds like an engineer, and publishes their findings. We actively support external research disclosure through white papers, blog posts, and conference presentations.

What You Will Do
  • Conduct offensive security research focused on agentic AI systems: prompt injection, agent privilege escalation, tool-binding abuse, and agentic supply chain attacks against internal developer platforms.
  • Perform security assessments of Okta's AI platforms-including agentic systems and LLM-integrated products-across design, code, and runtime.
  • Build reusable security tooling that multiplies the entire Product Security team's capability.
  • Run the AI security vendor and tooling evaluation program: design and operate a benchmarking harness against AI security tools.
  • Perform manual code review of AI and agent-based system implementations across multiple languages.
  • Develop threat models for agentic architectures, orchestration layers, and LLM-integrated services.
  • Translate research findings into actionable guidance for engineering teams building AI-powered features and platforms.
  • Represent Okta externally through security research, conference presentations, white papers, and publications.
  • Mentor engineers across Product Security on AI/agentic security concepts, tooling, and assessment methodology.


What You Bring
  • 7+ years of experience in information security, with meaningful depth in application security, offensive research, or AI/ML security.
  • Demonstrated hands-on experience assessing LLM-integrated systems and agentic AI architectures-not just familiarity with the concepts, but evidence of having found real vulnerabilities in them.
  • Strong offensive mindset: the ability to model what an adversary does with an agentic system, identify where the model's reasoning or the orchestration layer breaks down, and construct scenarios that make the risk concrete.
  • Experience building security tooling and automation-scripts, scanners, detection logic, or evaluation harnesses-that other engineers actually use.
  • Proficiency in at least two programming languages (Python and one of: Go, Java, TypeScript, C/C++).
  • Advanced experience in threat modeling, manual code review, and penetration testing, applied to complex distributed systems.
  • Knowledge of authentication and authorization protocols (OIDC, OAuth 2.0, SAML) and their implementation risks.
  • Strong communication skills: the ability to write clearly for technical and non-technical audiences, document research findings with precision, and present at external venues.
  • Experience producing external security research-publications, conference talks, blog posts, or open-source tooling.


Desired Skills and Abilities
  • Familiarity with agentic framework internals (tool-use protocols, MCP, function-calling patterns, agent orchestration architectures).
  • Experience with SAST, DAST, SCA, and fuzzing tooling applied to AI/ML pipelines or CI/CD systems.
  • Strong cryptographic knowledge and experience in identifying cryptographic implementation flaws.
  • Ability to develop proof-of-concept exploits that demonstrate AI/agentic vulnerabilities to engineering and product leadership.
  • Experience contributing to security standards, SDL processes, or vulnerability research programs.


#LI-SM1

#LI-Hybrid
#LI-Remote



The annual base salary range for this position for candidates located in the San Francisco Bay area is between:

$180,000-$247,000 USD

Below is the annual base salary range for candidates located in California (excluding San Francisco Bay Area), Colorado, Illinois, New York and Washington. Your actual base salary will depend on factors such as your skills, qualifications, experience, and work location. In addition, Okta offers equity (where applicable), bonus, and benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies. To learn more about our Total Rewards program please visit: https://rewards.okta.com/us.

The annual base salary range for this position for candidates located in California (excluding San Francisco Bay Area), Colorado, Illinois, New York, and Washington is between:

$161,000-$221,000 USD

The Okta Experience
  • Supporting Your Well-Being
  • Driving Social Impact
  • Developing Talent and Fostering Connection + Community

We are intentional about connection. Our global community, spanning over 20 offices worldwide, is united by a drive to innovate. Your journey begins with an immersive, in-person onboarding experience designed to accelerate your impact and connect you to our mission and team from day one.

About Okta

Okta is a leading provider of identity and access management solutions for enterprises. The company's cloud-based platform enables organizations to securely connect people and technology, providing secure access to applications and data from any device, anywhere, at any time. Okta's solutions are used by thousands of organizations worldwide, including many Fortune 500 companies. The company was founded in 2009 and is headquartered in San Francisco, California. Okta is committed to providing innovative solutions that help organizations stay secure and productive in today's digital world.
Learn more about Okta
Size
5,342 employees
Market Cap
$10.5 billion
Industry
Net Income
-$266.3 million
Founded
2009
5 Year Trend
+51.9%
Revenue
$835.4 million
NASDAQ

Similar Jobs

More Jobs at Okta

More Information Technology Jobs

Find similar Staff Product Security Engineer jobs: