Staff Site Reliability Engineer

Okta's Workforce Identity Cloud Security Engineering group is seeking an experienced and passionate Staff Site Reliability Engineer to join a team focused on designing and developing security solutions to strengthen our cloud infrastructure. We foster innovation and transform creative ideas into robust security solutions for large-scale, critical infrastructure.

You will be instrumental in prescribing defense-in-depth measures, implementing industry security standards, and enforcing the principle of least privilege to elevate our security posture. Our Infrastructure Security team combines deep security domain expertise with the ability to design, implement, and roll out infrastructure across multiple cloud environments seamlessly, without compromising product functionality or performance. We are committed to enhancing customer safety and privacy by delivering security services integrated with the core Okta product.

This high-impact role operates within a security-centric, fast-paced organization poised for significant growth. You will serve as a key liaison between the Security and Engineering organizations, building technical leverage and influencing the security roadmap. Your focus will be on engineering the security aspects of systems across our services, contributing to a company set to redefine cloud computing.

As a Staff Engineer, you are expected to identify critical gaps, propose innovative solutions, and contribute to roadmaps while fostering alignment across various teams. You will also act as a technical mentor, guiding junior team members and cultivating a culture of continuous learning and development.

We are looking for a security-first SRE engineer who proactively builds automation to resolve issues rather than just flagging them. You should possess a strong intuition for cloud-native security and a proven history of hardening large-scale GCP and AWS environments. As a Technical Subject Matter Expert, you will design and build production infrastructure with a 'security-at-scale' mindset.

Key Responsibilities:

• Security Evangelism: Lead initiatives to enhance the security posture of critical infrastructure and promote best practices throughout the engineering organization.
• Incident Response & Reliability: Respond to production security incidents, conduct root cause analysis, and develop automated prevention mechanisms to ensure high performance and reliability.
• Automated Hardening: Identify manual security processes and automate them using custom tooling and CI/CD integrations.
• Architecture & Documentation: Develop comprehensive technical documentation, runbooks, and procedures for a 24x7 online environment.
• Platform Evolution: Continuously enhance our monitoring platforms, transitioning from simple auditing to active, automated prevention strategies.

Minimum Required Knowledge, Skills, & Abilities:

• Experience: 8+ years architecting and operating complex cloud networking and infrastructure, with at least 7+ years specializing in DevSecOps or Cloud Security.
• GCP Expertise: Minimum 3+ years of deep, hands-on experience securing GCP services, including GKE, GCE, and Shared VPC.
• Infrastructure as Code (IaC): 10+ years of experience using Terraform and Chef for managing complex cloud resources and OS hardening.
• Automation Mastery: Expert-level proficiency in Go, Python, or Ruby for building custom security tooling and automated remediation.
• Hardened Containers: Proven track record securing containerized workloads, including image scanning, K8s RBAC, and runtime security tools (e.g., CrowdStrike Falcon, Falco, or gVisor).
• Unflappable Troubleshooting: A proactive, problem-solving mindset with the ability to debug complex networking, IAM, or performance issues under pressure.
• Security Foundations: Strong understanding of Linux internals, OS hardening (CIS benchmarks), and IP protocols (TLS/SSL, DNSSEC, BGP).
• Education: BS in Computer Science or equivalent professional experience.

Additional Responsibilities:

• IAM & Secrets Management: Design and maintain large-scale production IAM policies and secrets management workflows.
• Infrastructure Hardening: Implement and maintain Public Key Infrastructure (PKI) and ensure all GCE/GKE environments meet strict compliance standards.
• Operational Excellence: Utilize industry-standard tools like OSQuery, Splunk, Chronicle, Nessus, or Qualys/Crowdstrike to monitor system health and security telemetry.
• Strategic Rollouts: Lead the phased transition of security policies from Audit/Detection mode to Blocking/Prevention mode, ensuring zero impact on production uptime.

Bonus Points For:

• Multi-Cloud IAM Governance: Experience designing a unified IAM framework across AWS and GCP, utilizing federated identities such as Workload and Workforce Identity Federation, with an understanding of SAML & OIDC authentication mechanisms and automated 'Least Privilege' enforcement.
• Cloud-Native Reliability Engineering: Deep understanding of multi-cloud reliability patterns and maintaining high availability (HA) during security patching or infrastructure-wide hardening.
• Hardened Kubernetes Orchestration: Advanced experience securing GKE, EKS, and kOps, specifically implementing Pod Security Standards, Network Policies, and Admission Controllers for a 'Zero-Trust' posture.
• Threat Modeling: Conducting Security Reviews & Threat Modeling at both Design & Implementation scopes.

Okta offers a dynamic work environment with excellent tools, technology, and benefits. We foster talent development, connection, and community, providing flexibility to empower our employees to be their most creative and successful selves.

Discover your place at Okta today! https://www.okta.com/company/careers/