← Back to Security Engineering
O
Okta
www.okta.com/company

Staff Security Engineer

Security EngineeringOn-site

Toronto, Canada

Staff Security Engineer

Okta is The World’s Identity Company. We free everyone to safely use any technology, anywhere, on any device or app. Our flexible and neutral products, Okta Platform and Auth0 Platform, provide secure access, authentication, and automation, placing identity at the core of business security and growth.

At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences.

Join our team! We’re building a world where Identity belongs to you.

The Staff Security Engineer is a key role for strengthening the organization's security posture. You'll be responsible for performing security assessments of third-party integrations and connected apps, with a focus on mitigating API-related security risks. This position is vital for ensuring a "secure-by-design" approach for critical systems within the organization.

What You Will Do

  • Lead Technical Security Reviews: Perform in-depth security reviews and threat modeling for complex enterprise applications and third-party integrations.
  • Operationalize AI for Security: Take the lead in deploying and managing AI for Security use cases, such as integration security reviews, to automate and scale security operations.
  • Risk Analysis & Documentation: Analyze and document API permissions and risk levels for major integrations (e.g., Salesforce, Slack, Google) to ensure they meet internal standards.
  • Develop Workflow Processes: Collaborate with stakeholders to design and implement repeatable security review workflows, such as the Salesforce API Integration Review.
  • Vulnerability & Control Gap Mitigation: Identify potential vulnerabilities and security control gaps in connected apps and recommend technical mitigation strategies to stakeholders.
  • Report & Visualize Posture: Contribute to and maintain metrics and dashboards that demonstrate the organization's overall security posture for leadership.

What You Bring

  • Deep Technical Expertise: Proven experience in information security, specifically within application and enterprise security domains.
  • API & Integration Specialist: Strong background in assessing and mitigating risks associated with third-party APIs and connected application ecosystems.
  • Advanced Security Principles: Understanding of "secure-by-design" principles and the "least privilege" model.
  • Practical Threat Modeling: Hands-on experience identifying attack vectors and conducting risk assessments for complex systems.
  • Tooling & AI Proficiency: Experience working with security platforms for analyzing application permissions and an interest or background in applying AI to streamline security tasks.
  • Collaborative Influencer: Exceptional communication skills with a track record of aligning multiple teams toward shared security goals.
  • Education: A Bachelor's degree in Computer Science, information security, or a related field.

P19562

#LI-HYBRID