Staff Application Security Engineer, AppSec Automation
Location: United States
Job Type: Full time
Get to know Okta
Okta is The World’s Identity Company. We free everyone to safely use any technology—anywhere, on any device or app. Our Workforce and Customer Identity Clouds enable secure yet flexible access, authentication, and automation that transforms how people move through the digital world, putting Identity at the heart of business security and growth.
At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences.
Join our team! We’re building a world where Identity belongs to you.
We are looking for a talented Security Engineer to join our DevSecOps team and help us enhance our application security program. As a Staff Application Security Engineer - AppSec Automation, you will be responsible for ensuring the adoption, deployment, fine-tuning, and development of tools, services, and processes that enable security controls in the SDLC.
In this role, you will focus on traditional SDLC security controls like SAST and SCA, but also the security of the build pipelines and associated processes.
The ideal candidate is someone who feels comfortable developing and discussing threat models for architectures with multiple components with Cloud based integrations.
Your main responsibilities will include:
- Document, review, assess and deliver requirements and recommendations related to the security of our CI/CD pipelines, following industry standard methods such as Threat Modeling and the use of standard security frameworks
- Assess open source and commercial vendors for application security controls, such as SAST, SCA, DAST, Fuzzing, Secret Scanning, IAST, etc.
- Deploy, manage, configure, extend and automate, security tools and services
- Provide support to developers working on remediation of findings
- Contributing to the definition of internal processes that allow for fast delivery of software to production systems through CI/CD pipelines while meeting security quality criteria with minimal effort
- Designing and implementing individual components of our automation architecture
To be considered for this role, you should have:
- At least 5 years of experience in a similar role with a strong focus on security automation and application security at scale.
- Experience with commercial and open-source security scanners in at least one of these spaces: Web Application, SAST, SCA, secret scanning.
- Functional knowledge of security code reviews (Java, .Net, Go, C, C++, C#, Ruby, Perl, Python, etc.). You should be able to read code and identify, explain, and propose remediations for the most common vulnerabilities in, at least, code bases for web applications in one of the languages listed.
- Software development experience in Python; or similar languages and being open to learning Python
- Experience developing threat models
Additional skills we're looking for include:
- Knowledge of at least one of AWS, GCP, Azure, etc.
- Experience with CI/CD pipelines, either on-prem or cloud.
- Experience defining projects, including goals, resourcing, activities, goals, targets, and milestones, and producing good effort estimations.
Soft skills: In addition to technical skills, we value candidates who demonstrate strong soft skills such as:
- Collaboration: Ability to work effectively with cross-functional teams and influence others to achieve common goals.
- Communication: Ability to communicate complex technical information to non-technical stakeholders and present information clearly and concisely.
- Negotiation: Ability to resolve conflicts and reach agreements with others by finding common ground and building consensus.
- Leadership: Ability to inspire and motivate team members to achieve goals and deliver results.
- Bachelor's degree in Computer Science, Computer Engineering, or equivalent experience is a plus.
At our company, we value collaboration, teamwork, and innovation. This role will report to the Director of Application Security and will work closely with other members of the DevSecOps team. We are passionate about what we do and strive to create an inclusive and diverse workplace where everyone can thrive. If you are excited about this opportunity and meet the qualifications listed above, we encourage you to apply. We look forward to hearing from you.
Below is the annual base salary range for candidates located in California, Colorado, New York and Washington. Your actual base salary will depend on factors such as your skills, qualifications, experience, and work location. In addition, Okta offers equity (where applicable), bonus, and benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies. To learn more about our Total Rewards program please visit: https://rewards.okta.com/us.
What you can look forward to as an Okta employee!
- Amazing Benefits
- Making Social Impact
- Fostering Diversity, Equity, Inclusion and Belonging at Okta
Okta cultivates a dynamic work environment, providing the best tools, technology and benefits to empower our employees to work productively in a setting that best and uniquely suits their needs. Each organization is unique in the degree of flexibility and mobility in which they work so that all employees are enabled to be their most creative and successful versions of themselves, regardless of where they live. Find your place at Okta today! https://www.okta.com/company/careers/.
Okta is an Equal Opportunity Employer/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws. If reasonable accommodation is needed to participate in the job application or interview process, please use this Form to request an accommodation.