Staff Product Security Engineer
About the role
The Security Team at Okta is dedicated to strengthening the company's position as the leading Identity-as-a-service solutions provider. This involves identifying and resolving risks to employees, products, and, most importantly, our customers. The Staff Product Security Engineer Opportunity focuses on researching and engineering to anticipate and mitigate security risks introduced by agentic systems.
Responsibilities
- Conduct offensive security research focused on agentic AI systems: prompt injection, agent privilege escalation, tool-binding abuse, and agentic supply chain attacks against internal developer platforms.
- Perform security assessments of Okta's AI platforms—including agentic systems and LLM-integrated products—across design, code, and runtime.
- Build reusable security tooling that multiplies the entire Product Security team's capability.
- Run the AI security vendor and tooling evaluation program: design and operate a benchmarking harness against AI security tools.
- Perform manual code review of AI and agent-based system implementations across multiple languages.
- Develop threat models for agentic architectures, orchestration layers, and LLM-integrated services.
- Translate research findings into actionable guidance for engineering teams building AI-powered features and platforms.
- Represent Okta externally through security research, conference presentations, white papers, and publications.
- Mentor engineers across Product Security on AI/agentic security concepts, tooling, and assessment methodology.
Requirements
7+ years of experience in information security, with meaningful depth in application security, offensive research, or AI/ML security. Demonstrated hands-on experience assessing LLM-integrated systems and agentic AI architectures. Strong offensive mindset, proficiency in at least two programming languages (Python and one of: Go, Java, TypeScript, C/C++), advanced experience in threat modeling, manual code review, and penetration testing, applied to complex distributed systems, knowledge of authentication and authorization protocols (OIDC, OAuth 2.0, SAML).
Qualifications
Strong communication skills: the ability to write clearly for technical and non-technical audiences, document research findings with precision, and present at external venues. Experience producing external security research—publications, conference talks, blog posts, or open-source tooling.
Skills and Abilities
- Familiarity with agentic framework internals (tool-use protocols, MCP, function-calling patterns, agent orchestration architectures).
- Experience with SAST, DAST, SCA, and fuzzing tooling applied to AI/ML pipelines or CI/CD systems.
- Strong cryptographic knowledge and experience in identifying cryptographic implementation flaws.
- Ability to develop proof-of-concept exploits that demonstrate AI/agentic vulnerabilities to engineering and product leadership.
- Experience contributing to security standards, SDL processes, or vulnerability research programs.
Benefits
Annual base salary range for candidates located in the San Francisco Bay area: $180,000—$247,000 USD
Annual base salary range for candidates located in California (excluding San Francisco Bay Area), Colorado, Illinois, New York and Washington: varies based on factors such as skills, qualifications, experience, and work location.
Additional benefits include health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave).
Pay
Salary range: $180,000—$247,000 USD for candidates in the San Francisco Bay Area
Varying based on factors such as skills, qualifications, experience, and work location.
Schedule
Hybrid work schedule available.