Staff Identity Security Engineer, Identity Governance and Administration

About the Role

Okta is The World’s Identity Company. We free everyone to safely use any technology, anywhere, on any device or app. Our flexible and neutral products, Okta Platform and Auth0 Platform, provide secure access, authentication, and automation, placing identity at the core of business security and growth.

At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences. 

Join our team! We’re building a world where Identity belongs to you.

Staff Identity Security Engineer, Identity Governance and Administration (IGA)

About the Role:

Okta is seeking a highly experienced and passionate Staff Identity Security Engineer to join our dynamic Security Identity and Access Management (IAM) team at Okta. This pivotal role will focus on enhancing and maturing our IGA function, which is critical to our internal security posture and serves as a showcase for the capabilities of the Okta platform.

The Security IAM team is entrusted with the ownership, configuration, and management of Okta's internal workforce and external customer instances. Our mission is to establish these implementations as the gold standard, demonstrating the full power and flexibility of the Okta identity platform. As a Staff Identity Security Engineer, you will be at the forefront of delivering cutting-edge Identity as a Service (IDaaS) solutions that not only secure our environment but also highlight the robust features and benefits of our product. Your expertise in developing and implementing sophisticated identity solutions will be instrumental in solving complex business challenges and delivering impactful value, with an immediate emphasis on strengthening our IGA capabilities.

Responsibilities:

• Pioneering Secure Identity Solutions: Champion the implementation of best-in-class secure identity solutions within our own environment. We believe in being our own best customer, constantly refining and optimizing our use of the Okta platform to set industry benchmarks.
• End-to-End IGA Solution Development: Drive the conceptualization, design, implementation, and meticulous documentation of comprehensive identity governance solutions. This includes defining processes, configuring workflows, and ensuring proper policy enforcement.
• Okta Platform Configuration and Management: Oversee the configuration and ongoing management of our Okta instance to seamlessly support existing and evolving business needs. This encompasses a wide range of tasks, including policy, groups and roles management, integration of new SaaS applications, implementation of advanced features, and the automation of critical identity processes.
• Team Mentorship and Development: Actively support the professional growth of more junior team members through pair-working sessions, comprehensive work reviews, constructive feedback, and the modeling of best practices in identity security and governance engineering.
• Access Management Infrastructure Resilience: Proactively troubleshoot and develop robust solutions for any issues or disruptions within our existing access management infrastructure, ensuring high availability and seamless user experience.
• Collaborative Team Engagement: Participate actively and contribute significantly to team meetings, fostering a collaborative environment, and enthusiastically engage with our ongoing efforts to continuously improve our ways of working within the IAM engineering team.
• Tier 3 Support for Internal Issues: Provide expert Level 3 support for complex internal identity-related issues and requests, acting as a critical point of escalation and resolution.

Qualifications:

• Industry Recognized Certifications: CISSP, CCSP, OKTA Administrator, OKTA Workflows speciality 
• Extensive IAM Experience: Possess a minimum of five years of hands-on experience in implementing and/or supporting enterprise-grade IAM and IGA solutions.
• Deep IAM Domain Knowledge: Demonstrate a profound passion for IAM coupled with proven familiarity with a broad range of related disciplines and concepts, including: Identity Life-Cycle Management (ILM), IGA, Customer Identity and Access Management (CIAM), Privileged Access Management (PAM), Single Sign-On (SSO), and Multi-Factor Authentication (MFA).
• Expertise in IAM Capabilities: Exhibit extensive knowledge and practical application of core IAM capabilities, encompassing: modern authentication and authorization protocols (SAML, OIDC, OAuth2), sophisticated user credential and role management (Attribute-Based Access Control - ABAC, Policy-Based Access Control - PBAC, Role-Based Access Control - RBAC), and robust Privileged Access Management (PAM). This includes hands-on experience in designing and implementing solutions leveraging these capabilities across both workforce and customer user populations.
• Practical IGA Integration Experience: Possess practical experience in seamlessly integrating SaaS and on-premise applications with IGA tools to facilitate automated ILM, including efficient access reviews and certifications.
• PAM for Service Accounts: Demonstrate extensive experience in effectively managing service accounts using PAM solutions to enhance security and compliance.
• Collaboration Tool Proficiency: Possess a good working knowledge of essential ITSM and collaboration tools such as ServiceNow, JIRA, Confluence, and GitHub, facilitating efficient service and project management as well as code collaboration.
• Agile Methodologies: Be familiar with Agile methodologies, enabling adaptability and iterative development in a fast-paced environment.
• Solution-Oriented Development: Exhibit a proven ability to develop well-reasoned solutions that are modular, reusable, reduce effort and complexity, prioritize automation over manual processes, and adhere to agreed-upon standards and patterns.
• Team-Oriented Mindset: Thrive within a team structure where you are supported in delivering your best work and encouraged to share your invaluable industry knowledge.
• Customer-Facing Personality: Possess the personality and communication skills to effectively interface with our internal customers, guiding them through our journey of identity security and enablement.
• Technical Proficiency: Demonstrate experience with RESTful APIs, SCIM, scripting languages (e.g., Python, PowerShell), SQL, and other supporting technologies critical for robust identity solutions.
• SDLC and Agile Knowledge: Possess a demonstrated understanding of working within the Software Development Life Cycle (SDLC) and Agile methodologies, ensuring efficient and structured development processes.
• Strong Communication and Collaboration: Exhibit strong communication and collaboration skills, enabling effective interaction with cross-functional teams and stakeholders.
• Security and Compliance Frameworks: Possess working knowledge of relevant security and compliance frameworks such as NIST, SOX, and ISO 27001, ensuring adherence to industry best practices and regulatory requirements.

Additional requirements:

• This position requires the ability to access federal environments and/or have access to protected federal data.  As a condition of employment for this position, the successful candidate must be able to submit documentation establishing U.S. Person status (e.g. a U.S. Citizen, National, Lawful Permanent Resident, Refugee, or Asylee. 22 CFR 120.15) upon hire.

The annual base salary range for this position for candidates located in the San Francisco Bay area is between: $180,000—$270,000 USD

The annual base salary range for this position for candidates located in California (excluding San Francisco Bay Area), Colorado, New York, and Washington is between:$161,000—$241,000 USD

What you can look forward to as a Full-Time Okta employee!

• Amazing Benefits
• Making Social Impact
• Developing Talent and Fostering Connection + Community at Okta