Staff Vulnerability Management Analyst
Location: United States
Job Type: Full time
Get to know Okta
Okta is The World’s Identity Company. We free everyone to safely use any technology—anywhere, on any device or app. Our Workforce and Customer Identity Clouds enable secure yet flexible access, authentication, and automation that transforms how people move through the digital world, putting Identity at the heart of business security and growth.
At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box, we’re looking for lifelong learners and people who can make us better with their unique experiences.
Join our team! We’re building a world where Identity belongs to you.
The Okta Security team’s mission is to strengthen Okta’s position as the leading Identity-as-a-Service solutions through identifying and resolving risks to the employees, product, and most importantly, our customers. With the ever-increasing pace of cloud application adoption, companies are struggling to find ways to accurately assess risk and act at the speed of their business.
The Vulnerability Management Analyst is a key member of the Okta Security team and an essential collaborator with our broader Engineering organization. Reporting to the Director of Vulnerability Management, the Vulnerability Management Analyst will play a key part in executing the Vulnerability Management Program’s strategy. The Vulnerability Management Program is a crucial pillar of the security organizations’ imperative to reduce the threats to Okta’s infrastructure and applications. You’ll be an integral part of building and sustaining strong and effective relationships across Okta with our Engineering, Product and Business Technology counterparts.
What You'll Do
- Deploy, manage, maintain, configure, extend and automate vulnerability scanning infrastructure and services.
- Build scripts and software modules to verify the presence of vulnerabilities.
- Develop and implement alerting regarding scan environment health checks as well as vulnerability notification.
- Keep up with newly published vulnerabilities/ CVEs and zero-days.
- Investigate vulnerability findings present within the environment, and coordinate remediation efforts in collaboration with other IT teams and subject matter experts.
- Monitor and maintain awareness of critical vulnerabilities, driving patch management or mitigating processes to reduce impact.
- Document, review and deliver requirements and recommendations related to vulnerability remediation which follow common industry standards and security frameworks.
- Assist business stakeholders in assessing risk and prioritizing vulnerability remediation. Assist in providing risk context to vulnerability reports given the infrastructure purpose.
- Understand the technical details of the published vulnerabilities as well as their real risk. Effectively communicate the perceived and real vulnerability impact.
- Assist in analyzing data from internet scanning tools in order to validate its accuracy.
- Validate vulnerability management changes for accuracy and completion to drive timely remediation of critical vulnerabilities.
- Confirm remediation via automated and manual retesting.
- Provide support to developers working on vulnerability remediation.
- Contribute to the definition of internal processes that allow for fast remediation of vulnerabilities to production systems.
- Assess new and existing scan technologies to determine potential value and risk to the enterprise and ensure risk beyond defined thresholds is appropriately treated.
- Monitor and respond to security inquiries, requests, and incidents as part of supporting the business through sound and timely cybersecurity response.
- Support audit, governance, risk and compliance teams in scanning and reporting on various regulatory compliance and industry best practices including PCI, ISO 27001/27017/27018 , NIST SP 800-53, SOC 2 and FedRAMP.
- Participate in other special projects or strategic initiatives at the direction of the Security team.
- 5+ years of multifaceted cyber security experience in a technology-centric company.
- Experience in building and innovating a vulnerability management program.
- Experience defining projects, including goals, resourcing, activities, targets, and milestones, and producing good effort estimations.
- Experience in having had hands-on responsibility for analyzing common vulnerabilities.
- Experience with commercial or open-source vulnerability scanners regarding at least one of these spaces: Infrastructure/ IP based Assets, Web Application, SAST, DAST, Containers.
- Functional knowledge of vulnerabilities, exploitation and remediation. You should be able to explain vulnerabilities and exploits as well as propose remediations for the most common vulnerabilities.
- Experience in building systems and solutions within a highly regulated environment.
- Experience in Python and Shell.
- Intermediate knowledge of TCP/IP.
- Experience developing threat models.
- Knowledge of at least one of AWS, GCP, Azure, etc.
Who you are
- You have a deep focus on execution, follow-through, accountability, and results.
- You have a growth mindset; You thrive on challenge, you see learnings and opportunities, not failures.
- You enjoy working with cross-functional teams and have exceptional stakeholder management skills.
- You surround yourself with high energy, thriving teams to achieve quality outcomes.
- Bachelor's degree in Computer Science, Computer Engineering, or equivalent experience.
- This position requires the ability to access federal environments and/or have access to protected federal data. As a condition of employment for this position, the successful candidate must be able to submit documentation establishing U.S. Person status (e.g. a U.S. Citizen, National, Lawful Permanent Resident, Refugee, or Asylee. 22 CFR 120.15) upon hire.
Below is the annual base salary range for candidates located in California, Colorado, New York and Washington. Your actual base salary will depend on factors such as your skills, qualifications, experience, and work location. In addition, Okta offers equity (where applicable), bonus, and benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies. To learn more about our Total Rewards program please visit: https://rewards.okta.com/us.
What you can look forward to as an Okta employee!
- Amazing Benefits
- Making Social Impact
- Fostering Diversity, Equity, Inclusion and Belonging at Okta
Okta cultivates a dynamic work environment, providing the best tools, technology and benefits to empower our employees to work productively in a setting that best and uniquely suits their needs. Each organization is unique in the degree of flexibility and mobility in which they work so that all employees are enabled to be their most creative and successful versions of themselves, regardless of where they live. Find your place at Okta today! https://www.okta.com/company/careers/.
Okta is an Equal Opportunity Employer/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws. If reasonable accommodation is needed to participate in the job application or interview process, please use this Form to request an accommodation.