Staff Software Engineer, Security (Bellevue, WA) (Remote Eligible)

Last updated 20 days ago
Location:San Jose, California
Job Type:Full Time

Position Description:

Okta is looking for an experienced security software engineer that is passionate about building large-scale, mission-critical software in a fast-paced agile environment. The ideal candidate shares our passion for building great software and for evangelizing the principles of secure software development. You will join an engineering team that strongly believes in automated testing and an iterative process to build high-quality next generation enterprise software. This is a high-impact role in a security-centric, fast-paced organization that is poised for massive growth and success.

Our elite team is fast, innovative and flexible; with a weekly release cycle and individual ownership we expect great things from our engineers and reward them with stimulating new projects, emerging technologies and the chance to have significant equity in a company that is about to change the cloud computing landscape forever. Our office is in Bellevue, WA

Job Duties and Responsibilities:

  • Building security oriented product features and infrastructure.
  • Identifying or confirming potential security vulnerabilities in our code.
  • Either fixing security vulnerabilities or working with other development teams that own the relevant code to get them fixed.
  • Work closely with our Chief Security Officer and his team to address their concerns and get maximum benefit from their penetration testing and their code reviews.
  • Working closely with our Technical Operations team that runs our service on AWS to ensure that our application infrastructure is secure.
  • Test-driven development, design and code reviews.

Required Knowledge, Skills, and Abilities:

  • 5+ years of strong software development experience in Java building highly-reliable, mission-critical software.
  • Broad knowledge of, and experience in, fundamental information security concepts.
  • Excellent understanding and experience with threat vectors (e.g. DDOS), including how to identify, mitigate and prevent.
  • A strong understanding of secure engineering concepts such as secure coding practices and secure code reviews.
  • Deep knowledge of common web application vulnerabilities (e.g. XSS, CSRF) and their mitigation strategies.
  • Excellent grasp of software engineering principles.

Education and Training:

  • B.S. or M.S. Computer Science or related field

#LI-CE1