Senior Adversarial Engineer

Organization: Okta

Location: Remote

Keywords: Cyber Defense, Threat Detection

Job Type: Full-Time

<< Back to Job-Board

Okta’s Defensive Cyber Operations (DCO) organization is seeking an offensive security minded individual to join the Adversarial Engineering team and contribute to the continued buildout of the program. As part of the DCO team, Adversarial Engineering is tasked to improve Okta and our customer’s security posture by emulating attacker techniques to identify areas of improvement for detection and response. This extends beyond traditional “purple teaming” of end-points or networks to also look at Okta as a product and SaaS applications used internally.

An ideal candidate will have experience in the offensive or defensive cybersecurity domains but both are not required. They would also have the ability to develop and extend tools used to emulate threats. Red team or detection engineering experience in AWS, macOS and containerized environments is desirable.

What this position is not.

  • This is not a “red team”, full scope operational role. Live engagements are coordinated with the defensive teams up front with full knowledge. Many initiatives are run in controlled lab environments.
  • This is not a penetration testing role. While vulnerabilities may be found, the purpose is not the identification and exploitation of vulnerabilities. Value is provided in the analysis of how an attacker may leverage systems.
  • This is not a SOC or detection engineering role. The hired individual may provide support during incidents or develop detection logic, but works separately from the daily workflows of the Detection and Response Engineering team.

Job Duties and Responsibilities:

  • Research adversary methodology with an end-goal of replication.
  • Develop automated testing using breach and assessment tools to validate Okta’s defensive capabilities.
  • Scope and execute emulations of adversary capabilities in environments that include: Windows, macOS, Linux, AWS, and containerization such as Docker and ECS.
  • Scope and execute emulations against Okta’s products and the abuse of business applications including SaaS-based.
  • Provide analysis of emulated activity in instrumented environments to identify gaps and provide guidance on detection or response improvements.


Minimum Education Level: None

What does it take?

You’re a team player with a thirst for knowledge. You’re curious about how attackers operate, knowing that to properly defend a system you must first understand the technical threats. You enjoy automating tasks and if you can’t find a tool for the job you create one. You have the habit of identifying areas of operational friction and then come up with ways to remove them.

You have a solid grasp of Python paired with some experience writing code in other languages. Your past experience has given you a conceptual knowledge of Cloud & Container architectures and operating in enterprise environments that heavily use them.

You’ve previously worked in a red team or “purple team” capacity and can explain how major attacker techniques work, along with methods to detect and investigate them. You don’t stop after identifying a problem–you partner with other teams to solve it. You desire to work with a fully remote team and can remain productive and on task outside of a physical office.

If you don’t have a degree, you have equivalent experience that’s given you the foundational knowledge to understand complex computing environments.

Posted: May 10, 2022
<< Back to Job-Board