Staff Site Reliability Engineer, Security- GCP

Okta’s Workforce Identity Cloud Security Engineering group is looking for an experienced and passionate Staff Site Reliability Engineer to join a team focused on designing and developing Security solutions to harden our cloud infrastructure. We embrace innovation and pave the way to transform bright ideas into excellent security solutions that help run large-scale, critical infrastructure. We encourage you to prescribe defense-in-depth measures, industry security standards and enforce the principle of least privilege to help take our Security posture to the next level. Our Infrastructure Security team has a niche skill-set that balances Security domain expertise with the ability to design, implement, rollout infrastructure across multiple cloud environments without adding friction to product functionality or performance. We are responsible for the ever-growing need to improve our customer safety and privacy by providing security services that are coupled with the core Okta product.

This is a high-impact role in a security-centric, fast-paced organization that is poised for massive growth and success. You will act as a liaison between the Security org and the Engineering org to build technical leverage and influence the security roadmap. You will focus on engineering security aspects of the systems used across our services. Join us and be part of a company that is about to change the cloud computing landscape forever.

As a Staff Engineer, you should be able to identify gaps, propose innovative solutions, and contribute to roadmaps while driving alignment across multiple teams within the organization. Additionally, you should serve as a role model, providing technical mentorship to junior team members and fostering a culture of learning and growth

What are we looking for?
We are looking for a security-first SRE engineer who doesn’t just “flag” issues but builds the automation to solve them. You should have a deep-seated intuition for cloud-native security and a proven track record of hardening large-scale GCP and AWS environments. As a Technical SME, you will design and build production infrastructure with a “security-at-scale” mindset.

What You Will Work On?
Security Evangelism: Lead initiatives to strengthen our security posture for critical infrastructure and promote best practices across the engineering organization.
Incident Response & Reliability: Respond to production security incidents, perform root cause analysis, and build automated preventions to ensure high performance and reliability.
Automated Hardening: Identify manual security processes and automate them using custom tooling and CI/CD integrations.
Architecture & Documentation: Develop technical documentation, runbooks, and procedures for a 24×7 online environment.
Platform Evolution: Continuously evolve our monitoring platforms, moving from simple auditing to active, automated prevention.

Minimum Required Knowledge, Skills, & Abilities:
Experience: 8+ years of experience architecting and running complex cloud networking and infrastructure, with at least 7+ years specialized in DevSecOps or Cloud Security.
GCP Expertise: Minimum 3+ years of deep, hands-on experience securing GCP (GKE, GCE, Shared VPC etc).
Infrastructure as Code (IaC): 10+ years of experience using Terraform and Chef to manage complex cloud resources and OS hardening.
Automation Mastery: Expert-level proficiency in Go, Python, or Ruby for building custom security tooling and automated remediation.
Hardened Containers: Proven track record of securing containerized workloads, including image scanning, K8s RBAC, and runtime security tools (e.g., CrowdStrike Falcon, Falco, or gVisor).
Unflappable Troubleshooting: A “see a problem, fix the problem” mindset with the ability to debug complex networking, IAM, or performance issues under pressure.
Security Foundations: Strong grasp of Linux internals, OS hardening (CIS benchmarks), and IP protocols (TLS/SSL, DNSSEC, BGP).
Education: BS in Computer Science or equivalent professional experience.

Key Responsibilities:
IAM & Secrets Management: Design and maintain large-scale production IAM policies and secrets management workflows .
Infrastructure Hardening: Implement and maintain Public Key Infrastructure (PKI) and ensure all GCE/GKE environments meet strict compliance standards.
Operational Excellence: Utilize industry-standard tools like OSQuery, Splunk, Chronicle, Nessus, or Qualys/ Crowdstrike to monitor system health and security telemetry.
Strategic Rollouts: Lead the phased transition of security policies from Audit/Detection mode to Blocking/Prevention mode, ensuring zero impact on production uptime.

Bonus Points For:
Multi-Cloud IAM Governance: Experience designing a unified IAM framework across AWS and GCP, utilizing federated Identities such as Workload, Workforce Identity Federation with understanding of SAML & OIDC auth mechanism and automated “Least Privilege” enforcement.
Cloud-Native Reliability Engineering: Deep understanding of multi-cloud reliability patterns, maintaining high availability (HA) during security patching or infrastructure-wide hardening.
Hardened Kubernetes Orchestration: Advanced experience securing GKE, EKS, and kOps, specifically implementing Pod Security Standards, Network Policies, and Admission Controllers for a “Zero-Trust” posture.
Threat Modeling:Security Reviews & Threat Modeling at both Design & Implementation scope.