Senior Product Security Engineer, Red Team

Senior Security Infrastructure Engineer, Red Team

Within the Product Security team, our Red Team delivers robust security assurance for Okta's products, services, and infrastructure. You will be the team's dedicated infrastructure and tooling engineer, the first person in this role for a small team of operators. You will work alongside operators but not report through an operator chain; you'll collaborate as a peer focused on a different discipline.

We seek a Staff Security Infrastructure Engineer to own the engineering backbone that enables our operations. This is not a traditional operator role but a dedicated infrastructure, tooling, and automation engineering position embedded within the Red Team. You will design, build, maintain, and continuously improve the platforms, infrastructure, and custom tooling that our operators depend on to execute engagements.

What You Will Do

Infrastructure Engineering & Automation

Own the full lifecycle of red team infrastructure: design, provisioning, configuration, maintenance, and teardown

Build and maintain Infrastructure-as-Code (IaC) using Terraform (or equivalent) to automate deployment of C2 servers, redirectors, phishing infrastructure, payload‑delivery systems, and supporting services.

Resource and asset lifecycle management through tracking domains, certificates, cloud accounts, recurring expenses, and infrastructure resources; managing acquisition, rotation, and retirement.

Tooling Development & Maintenance

Develop, maintain, and improve custom tools, scripts, and automation to support red team operations (e.g., payload generation pipelines, log aggregation, C2 profile management, infrastructure health checks), providing on‑demand infrastructure/tooling support when issues or gaps arise.

Collaborate closely with operators during engagement planning to understand infrastructure requirements, OPSEC constraints, and operational timelines.

Build and maintain a representative test environment for pre‑operation validation of tools and tradecraft against a security stack similar to the target.

Maintain the team's source code repository with merge/pull request processes, documentation, and code quality standards.

Ensure engagement evidence, infrastructure logs, and operational data are centrally collected and accessible for reporting and after‑action reviews.

Contribute to and maintain metrics that demonstrate infrastructure maturity, operational efficiency, and readiness (e.g., deployment time, rebuild time, infrastructure availability during engagements).

Security & OPSEC

Design infrastructure with OPSEC as a first‑class requirement: network segmentation, traffic separation between operations, credential management, and access controls.

Implement and manage secure access to red team infrastructure.

Create and update operational runbooks, infrastructure documentation, and SOPs for the team.

Maintain clear records of infrastructure ownership and attribution to support deconfliction processes.

What You Bring Required

5+ years of professional experience in infrastructure engineering, DevOps, platform engineering, or a similar role with significant automation responsibilities

Strong familiarity with Terraform (or equivalent IaC tooling) for multi‑cloud infrastructure provisioning and management

Experience operating in cloud‑native, SaaS, or identity‑focused environments

Strong proficiency with configuration management tools (Ansible, or equivalent)

Proficiency in at least one systems programming or scripting language (Python, Go, Bash) with disciplined development practices (version control, code review, testing, documentation)

Solid understanding of Linux systems administration, networking fundamentals (DNS, HTTP/S, TCP/IP, proxying, TLS), and cloud platforms (AWS, GCP, or Azure)

Understanding of OPSEC principles as they apply to offensive infrastructure — you know why redirector chains, domain categorization, traffic separation, and certificate management matter.

Strongly Preferred

Experience building and maintaining CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, or similar)

Familiarity with containerization and orchestration (Docker, Kubernetes) as applicable to tooling and lab environments

Familiarity with C2 frameworks (Cobalt Strike, Mythic, Sliver, or similar) from an infrastructure and deployment perspective — you don't need to operate them, but you need to understand what operators need from the infrastructure

Familiarity with detection evasion concepts as they relate to infrastructure (e.g., traffic shaping, hosting provider reputation, certificate transparency)

Nice to Have

Working knowledge of Blue Team operations and related technologies

Experience with security tool development (implant development, payload engineering, evasion tooling) — this role can grow in that direction

Familiarity with Red Team maturity models and how infrastructure/tooling capabilities map to organizational maturity

Note: This is not an operator role. You will not be the person running hands‑on‑keyboard engagements as your primary function. While you may participate in operations to understand requirements or provide support, your core mission is ensuring the team's infrastructure, workflows, tooling, and automation are reliable, repeatable, and mature. You are the engineering foundation the operators build on.

(P22302_3403905)

Below is the annual salary range for candidates located in Canada. Your actual salary will depend on factors such as your skills, qualifications, and experience. In addition, Okta offers equity (where applicable), bonus, and benefits, including health, dental, and vision insurance, RRSP with a match, healthcare spending, telemedicine, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies. To learn more about our Total Rewards program, please visit https://rewards.okta.com/can.

The annual base salary range for this position for candidates located in Canada is between $114,000 USD and $157,300 USD.

Equal Opportunity Employer Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws.

If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding, please use this Form to request an accommodation.

Notice for New York City Applicants & Employees: Okta may use Automated Employment Decision Tools (AEDT), as defined by New York City Local Law 144, that use artificial intelligence, machine learning, or other automated processes to assist in our recruitment and hiring process. In accordance with NYC Local Law 144, if you are an applicant or employee residing in New York City, please click here to view our full NYC AEDT Notice.

Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Personnel and Job Candidate Privacy Notice at https://www.okta.com/legal/personnel-policy/.

#J-18808-Ljbffr