Senior Security Automation Engineer, Compliance - Okta

The Okta’s Auth0 Product Unit Governance Risk and Compliance (GRC) team work’s directly with our Engineering partners across Product, infrastructure, and Information Security. We also partner closely with other functions in Legal and Finance. GRC is part of the broader team driving strategic execution within Engineering.

Responsibilities

• Design and implement technical controls in a cloud-based environment to meet compliance needs across several frameworks (NIST-800, FedRAMP, SOX, SOC-2, PCI, HIPAA, etc).
• Optimize the environment by rethinking legacy controls, aligning redundant controls, designing for automation, and focusing on the engineers impacted by designed processes.
• Build and execute compliance control automation (enforcement, monitoring, evidence collection) using existing GRC tooling and development of custom software systems
• Define program objectives, identify key metrics, and drive stakeholder reporting.
• Scale compliance while supporting engineers and our broader business partners on compliance-related issues and implementing the resources necessary to provide self-service solutions.

Preferred Qualifications:

• 5+ years of experience in managing compliance in a complex cloud-based environment
• Experience identifying commonalities in controls across multiple frameworks to drive efficiency.
• Experience writing software in Python, Go, or Node.
• Experience with public cloud infrastructure (AWS, Azure, GCP) and container technologies (Kubernetes, Docker)
• Experience and ability to explain key solutions and architectures for confidentiality, integrity, and availability across multiple cybersecurity and compliance topics including areas such as endpoint detection and response, anti-malware, persistent threats, email security, user behavior, and analytics, threat intelligence, threat hunting, and forensics, information protection, application management, security management and/or auditing and governance.
• Experience understanding how to articulate security controls and maintain compliance in cloud-native environments. 
• Familiarity with cloud-based identity and access management solutions as well as hybrid architectures and integration of cloud-based apps (SaaS)
• Stellar written and verbal communication and relationship-building skills
• A strong sense of ownership, self-motivation, and enjoyment of a startup environment
• Problem-solving skills, determination, and a growth mindset

#LI-Remote

#LI-EVDH