Manager, Security Reviews

We seek a dynamic manager to lead our I team. You will lead a new team of Product Security Engineers in Bengaluru, responsible for conducting security reviews, threat modeling, and penetration testing across Oktas products. You will oversee security projects, ensuring security best practices are integrated into the product development lifecycle.

Within the Product Security team, our Security Reviews team delivers robust security assurance for Okta''s products. We conduct comprehensive reviews that encompass design, architecture, code, and penetration testing for both new and existing features. Collaborating seamlessly with other Product Security teams, we establish a unified methodology that fosters consistency when engaging with Okta''s engineering teams.

A successful candidate will possess a strong technical background in product security, demonstrate a proven ability to lead security teams, and be able to drive cross-functional security initiatives.

• Manage and mentor a team of Product Security Engineers, supporting their career growth and professional development.
• Own and oversee security programs and projects, defining goals, refining processes, and ensuring effective execution.
• Provide technical leadership in security reviews, offering guidance on threat modeling, code audits, penetration testing, and vulnerability assessments.
• Collaborate closely with Engineering, Product, and Design teams to understand security needs and integrate best practices.
• Track and report key performance indicators (KPIs) to ensure visibility into the effectiveness of the security program.
• Develop and communicate vulnerability mitigation strategies to help teams prioritize and remediate security risks.
• Promote security awareness and best practices through mentorship, training, and security presentations.
• Represent Okta externally, engaging in security conferences, research, and industry discussions.

• Overall 2-3+ years of leadership experience in product security, including people management or team leadership.
• Strong technical expertise in application security, including secure code reviews, penetration testing, and vulnerability assessment methodologies.
• Experience leading security reviews for web applications, cloud services, and distributed systems.
• Knowledge of modern authentication and authorization protocols, such as OIDC, SAML, and OAuth.
• Excellent communication skills, with the ability to articulate security risks and remediation strategies to engineers and leadership.
• Ability to influence security initiatives across multiple teams, balancing security goals with business objectives.

• Experience with cloud security, DevSecOps, and automation in security testing.
• Familiarity with SAST, DAST, SCA, and security tooling to improve security operations.
• Experience leading cross-functional security initiatives, such as security training, vulnerability management, or incident response programs.
• Strong strategic thinking and ability to identify areas for security improvement at scale.