Staff Security Engineer - Vulnerability Management US Public Sector

Other Jobs To Apply

About the position

The Okta Security team’s mission is to strengthen Okta’s position as the leading Identity-as-a-Service solutions through identifying and resolving risks to the employees, product, and most importantly, our customers. With the ever-increasing pace of cloud application adoption, companies are struggling to find ways to accurately assess risk and act at the speed of their business. The Staff Security Engineer for Public Sector is a key member of the Okta Security team and an essential collaborator with our broader Engineering organization playing a key part in executing the Vulnerability Management Program’s strategy. The Vulnerability Management Program is a crucial pillar of the security organizations’ imperative to reduce the threats to Okta’s infrastructure and applications. You’ll be an integral part of building and sustaining strong and effective relationships across Okta with our Engineering, Product and Business Technology counterparts.

Responsibilities

  • Own the full lifecycle operations of Asset and Vulnerability Management scanning and reporting infrastructure, including designing new cloud based and on-prem deployments as required.
  • Assess new and existing scan technologies to determine potential business value.
  • Monitor and respond to security inquiries, requests, and incidents, understanding the technical details of the published vulnerabilities as well as their real risk. Effectively communicate the perceived and real vulnerability impact given the infrastructure context.
  • Contribute to the definition and execution of internal processes that allow for accelerated remediation of critical vulnerabilities and zero-days.
  • Support audit, governance, risk and compliance teams in scanning and reporting on various regulatory compliance and industry best practices including PCI, ISO 27001/27017/27018 , NIST SP 800-53 and SOC 2.
  • Assist Okta’s Public Sector compliance team in their preparation and maintenance of POAMs (Plan of Action & Milestones) and Continuous Monitoring (ConMon) processes.
  • Track and manage weaknesses or gaps in vulnerability related security controls, outlining tasks, required resources, milestones, and scheduled completion dates to achieve compliance with standards like NIST 800-171 and CMMC.
  • Participate in other special projects or strategic initiatives at the direction of the Security team.

Requirements

  • Must have ability to work independently on end to end delivery of infrastructure deployment and troubleshooting run time issues.
  • Proven experience in architecting, deploying, and operating self-hosted vulnerability management and cloud workload security solutions in AWS for regulated or restricted environments.
  • Must have proficiency in AWS core services such as host OS and container deployment, S3, DynamoDB, API Gateway, and others.
  • Experience working with AWS Lambda or similar serverless computing environments for automating vulnerability management scanning and reporting tasks.
  • Proficiency in Shell and python scripting and automation. Familiarity with other scripting and automation tools is a plus.
  • 5+ years of multifaceted cyber security experience in a technology-centric company.
  • 5+ years of experience in building vulnerability scanning solutions within a highly regulated environment such as FedRamp and various Impact Levels.
  • Functional knowledge of vulnerabilities, exploitation and remediation. You should be able to explain vulnerabilities and exploits as well as propose remediations for the most common vulnerabilities.
  • Familiarity with industry standards, frameworks and publications such as CVE, CVSS, EPSS, OWASP and CISA KEV catalog.
  • This position requires the ability to access federal environments and/or have access to protected federal data. As a condition of employment for this position, the successful candidate must be able to submit documentation establishing U.S. Person status (e.g. a U.S. Citizen, National, Lawful Permanent Resident, Refugee, or Asylee. 22 CFR 120.15) upon hire.
  • Bachelor's degree in Computer Science, Computer Engineering, or equivalent experience.

Nice-to-haves

  • Experience with commercial or open-source vulnerability and misconfiguration scanners and reporting tools regarding Infrastructure/ IP based Assets, Containers, CSPM and CNAPP. Examples: Qualys, TenableSC, Prisma Cloud, Wiz, Orca, Lacework, Paramify, Atlassian Jira, ServiceNow etc. are a plus.

Benefits

  • Amazing Benefits
  • Making Social Impact
  • Developing Talent and Fostering Connection + Community at Okta
  • health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave)
Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...