About the role
Secure Every Identity, from AI to Human
Identity is the key to unlocking the potential of AI. Okta secures AI by building the trusted, neutral infrastructure that enables organizations to safely embrace this new era. This work requires a relentless drive to solve complex challenges with real-world stakes. We are looking for builders and owners who operate with speed and urgency and execute with excellence.
This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.
The Opportunity
As organizations successfully adopt phishing-resistant MFA, attackers have shifted their tactics—increasingly deploying Adversary-in-the-Middle (AiTM) phishing kits and info-stealer malware to execute session hijacking via cookie theft. Furthermore, with the explosive rise of autonomous AI workloads, securing human identity is no longer enough; we must now protect and govern a fast-growing sprawl of non-human, agentic workflows. We are looking for a highly mature, technically elite, and customer-obsessed Identity Solutions Architect to drive the technical execution of our Identity Security & Agentic Identity portfolio. In this role, you will be a cornerstone of the "Okta on Okta" team, acting as Customer Zero. Reporting directly to the VP of IAM, you will work hand-in-hand with our Principal Product Managers. While the PM shapes the portfolio strategy, you will own the technical architecture, internal deployment blueprints, and the public stage. You will shepherd cutting-edge features from Alpha through Early Availability (EA)—guaranteeing we are our own first and best customer before these solutions scale to the rest of the world.
Key Portfolio Focus Areas
As the Identity Solutions Architect, you will architect the technical blueprints and deployment strategies for Okta’s premier identity security offerings across both our workforce and developer platforms:
- AI Agent & Agentic Identity Security: Architecting how Okta governs non-human, autonomous AI workloads across O4AA (Okta for AI Agents) and A4AA (Auth0 for AI Agents), defining secure authentication and authorization patterns.
- Next-Gen Guardrails: Designing token exchange patterns, security gateways, and implementing the Model Context Protocol (MCP) to secure agent-to-data interactions.
- Hardware-Bound Session Security: Designing Okta’s defense against session cookie thievery by leveraging cryptographically hardware-bound tokens (Okta DBSSO and Chrome DBSC).
- Advanced Threat & Posture Management: Deploying Identity Threat Protection (ITP) for continuous risk evaluation and Identity Security Posture Management (ISPM) to eliminate hidden vulnerabilities across human and machine identities.
- Identity Governance & Administration (IGA): Designing and enforcing modern access governance, including automated lifecycle management, self-service access request workflows, and continuous access certification using Okta Identity Governance.
- Privileged Access Management (PAM): Architecting secure, just-in-time (JIT) access to critical infrastructure, managing secrets, and securing privileged sessions using Okta Privileged Access.
What You’ll Be Doing (Your Impact)
- Governance & Privileged Access Leadership: Lead the internal Customer Zero deployment of Okta IGA and PAM. You will blueprint workflows for least-privilege access, ensuring robust compliance and security over Okta's most sensitive administrative, server, and infrastructure entitlements.
- Customer Zero Lifecycle Execution (Alpha to EA): Act as the lead architect testing and deploying Alpha identity security features within Okta’s internal IAM environment. Author the technical rollout blueprints and provide the core engineering teams with critical feedback.
- Anti-Session Hijacking Architecture: Design the internal implementation blueprint for how Okta DBSSO and Chrome DBSC complement one another, creating an ironclad, layered defense that protects corporate endpoints from token and cookie exfiltration.
- Open-Source & Community Leadership: Lead the technical effort to open-source the complimentary tools our Customer Zero team builds, transitioning our internal innovations into a massive, thriving community effort with our customers.
- Thought Leadership & Personal Brand: Take the microphone. You will help lead a dedicated "how-to" video series and a potential podcast this year, and take the stage at major events to share our internal playbook.
- Ecosystem Integration: Define how Okta identity is woven into modern orchestration layers (LangChain/Graph, n8n, AWS AgentCore, Google Vertex ADK) and model providers (Azure Foundry, AWS Bedrock, OpenAI, Anthropic).
Massive Industry Collaboration
As the technical face of Okta’s Customer Zero team, you will have unique, high-impact opportunities to collaborate closely with strategic engineering and identity infrastructure teams at major enterprise tech companies, leading cloud service providers, and top-tier security vendors.
What You’ll Bring to the Role
- Professional Maturity & Architecture Expertise: 8+ years of overall IT/software development and technical architecture experience, with 3+ years specifically focused on IAM/Security Architecture. You have a proven track record of securing non-human identities (NHIs) or machine-to-machine infrastructure in production.
- Governance & PAM Experience: Demonstrated experience deploying Identity Governance (IGA) and Privileged Access Management (PAM) solutions, including just-in-time (JIT) access, infrastructure security, lifecycle management, and access certification.
- Protocol & Threat Literacy: Knowledge of core protocols: OAuth2/OIDC (especially Token Exchange), SAML, mTLS, JWT, and Model Context Protocol (MCP). Strong technical understanding of modern identity threat vectors (AiTM phishing, info-stealer malware, session hijacking).
- Technical Influence: The ability to author clear Architecture Decision Records (ADRs) and confidently influence at the VP/CTO level, serving as a true peer to product management and product engineering.
- Executive Presence & Communication: Elite verbal and written communication skills. You can translate deep, ambiguous technical architecture into compelling business value for C-suite executives and excel in front of a camera or a live audience.
Work-Life Balance & Travel
We highly value work-life balance and protect our team's time. Travel is limited and generally planned well in advance. Your travel footprint will primarily consist of Oktane (our flagship conference) and Oktane on the Road.
Why This Role is Different
This role gives you the backing of a world-class security leader, the freedom to contribute to open source, a public platform to build your personal brand, and the elite challenge of securing the next frontier of identity.
#P25449_3486113
#LI - hybrid
The Okta Experience
- Supporting Your Well-Being
- Driving Social Impact
- Developing Talent and Fostering Connection + Community
We are intentional about connection. Our global community, spanning over 20 offices worldwide, is united by a drive to innovate. Your journey begins with an immersive, in-person onboarding experience designed to accelerate your impact and connect you to our mission and team from day one.
Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws.
If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding please use this Form to request an accommodation.
Notice for New York City Applicants & Employees: Okta may use Automated Employment Decision Tools (AEDT), as defined by New York City Local Law 144, that use artificial intelligence, machine learning, or other automated processes to assist in our recruitment and hiring process. In accordance with NYC Local Law 144, if you are an applicant or employee residing in New York City, please click here to view our full NYC AEDT Notice.