Information Security is a top business imperative at Okta. In addition to driving security in our Corporate environment and Okta service, the Security team is deeply entrenched in the Okta business. As such, we contribute to product roadmaps, branding, research and other strategic aspects of our operations. We work across multiple functions, business partners and the research community. We are an engineering-focused team that seeks to stay on the cutting edge of security technology and the threat landscape.

The Defensive Cyber Operations (DCO) team is seeking an experienced Incident Commander to contribute to Okta’s Cyber Security Incident Command (CSIC), responsible for defending the Okta platform, infrastructure and corporate environment.

The Role 

You will operate as a senior member of the DCO CSIC, building and maintaining our capability to enable Okta’s intel-driven approach to defensive cyber operations. Core responsibilities include:

• Taking ownership of both leading and coordinating resources throughout the investigation, remediation and reporting of cyber security incidents.
• Preparing Okta to respond to cyber security incidents through the ongoing development and maintenance of the incident response plan, playbooks and other vital documentation such as standard operating procedures.
• Planning and executing cyber security exercises, providing assurance that Okta’s preparation for responding to major cyber security incidents is sound.
• Enhancing DCO’s CSIC capability through the identification and implementation of tools, processes, and data sources that will enable effective incident command outcomes and drive more efficient response to cyber security incidents.
• Identifying and reporting the most important metrics to measure success of the CSIC program.
• Mentoring, coaching employees, providing advice to our employees in order to enable them to reach their full potential as cyber security practitioners.

What does it take? 

You’re a team player. You have great communications and influencing skills along with a thirst for knowledge. You’re curious about systems and how they interact, knowing that to properly defend a system you must first understand how it works. You enjoy automating tasks and if you can’t find a tool for the job you create one. You’re calm under pressure and have a good internal compass for taking calculated risks. You realize transformational change takes time, and you diligently follow-up to ensure progress continues. 

If you don’t have a degree, you have equivalent experience that’s given you the foundational knowledge to understand complex computing environments.

You’re a leader. People want to work with you. You know what it takes to build a world-class defensive cyber capability and you’re passionate about helping make ours stronger. Your experience probably includes:

• Leading, or making significant contributions to, technology focused teams large or small.
• Mentoring staff and providing development opportunities to build high performing teams.
• Operating as the incident commander and/or technical lead during the response to cyber security incidents.
• Planning and executing cyber security exercises to ensure cyber preparedness.
• Developing and maintaining incident response policy, playbooks and procedures.

Ideally you also have experience in several of the following areas:

• Developing, deploying, and maintaining digital forensic collection and analysis tools.
• Working consultatively with legal teams, understanding legal requirements and terminology, and providing factual answers in a concise manner.
• Engaging with customers and/or business partners in high-pressure situations where professionalism and empathy are keys to success.
• Working collaboratively within product and/or enterprise project teams, assisting to deliver large and complex technology solutions.
• Analyzing critical systems to understand both how to break them and defend them against attack.