Offensive Security Engineer - Staff/Principal
2 months ago
Job type: Full-time
Hiring from: USA Only
Category: DevOps / Sysadmin
Principal Offensive Security Engineers are responsible for attacking the Okta platform, code, vendors, and infrastructure along with building automation to solve complex problems while securing internal infrastructure.
This position is not one where someone who only operates on scanner-based vulnerabilities will be successful. The ideal candidate will be required to demonstrate strong technical knowledge in webapp, appsec, and backend testing methodology & techniques. Experience with Okta authentication protocols, proven ability to compromise AWS resources, and task automation a plus. Furthermore, the ideal candidate should have knowledge in secOps tooling / techniques, and must be comfortable enumerating business systems to review, communicating vulnerabilities to developers, technical leadership, and management through concise documentation of their work.
The most important quality is an “evil bit” - an innate ability to think and operate like an attacker while solving complex problems with expertise and creativity in your daily flow. We support externally publishing exciting findings inside and out of work in the form of papers, blog posts, and live presentations at conferences of your choice.
Job Duties and Responsibilities:
- Strong knowledge of AWS from an attacker perspective
- Strong experience utilizing and attacking secOps / techOps tooling, infrastructure, and automation
- Work with 3rd party vendors to carefully test their products without causing outages or incidents
- Meet with internal stakeholders to discover new systems before they are developed and deployed
- Develop, implement, and communicate vulnerability mitigation strategies to development teams
- Work solo and collaboratively while delivering simultaneous projects on a deadline
- Think like an attacker to solve complex problems with expertise and ingenuity
- Build disposable, repeatable, and verifiable automation and infrastructure for ad-hoc engagements
- Give presentations and represent Okta in private or public venues
- Leadership to set priorities, working with internal teams, and clearly communicating finding impact
Required Knowledge, Skills, and Abilities:
- Knowledge in current cryptographic algorithms and techniques
- Experience automating exploit testing and repetitive tasks
- Experience providing security architecture guidance and mitigations to teams
- 4+ years experience penetration testing web applications and infrastructure
Desired skills and Abilities:
- 4+ years experience in security code review
- Experience reverse engineering Linux, Windows, or mobile binaries
- Experience in research and presenting findings (internally or externally) in the security field
- Experience attacking and exploiting black box applications
- Experience building & maintaining team automation in AWS
• Bachelor's degree in Computer Science, Computer Engineering or equivalent experience preferred
Okta is rethinking the traditional work environment, providing our employees with the flexibility to be their most creative and successful versions of themselves, no matter where they are located. We enable a flexible approach to work, meaning you can work from the office, or from home, regardless of where you live. Okta invests in the best technologies and provides flexible benefits and collaborative work environments/experiences, empowering employees to work productively in a setting that best and uniquely suits their needs. Find your place at Okta https://www.okta.com/company/careers/
Okta is an Equal Opportunity Employer
Before you apply, please check if any restrictions apply in terms of time zone or country.
This job has a geo-restriction in place: USA Only.
Please mention that you come from Remotive when applying for this job.
Does this job need an edit? 🙈