Cyber Threat Researcher

Get to know Okta

Okta is The World’s Identity Company. We free everyone to safely use any technology—anywhere, on any device or app. Our Workforce and Customer Identity Clouds enable secure yet flexible access, authentication, and automation that transforms how people move through the digital world, putting Identity at the heart of business security and growth. 

At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences. 

Join our team! We’re building a world where Identity belongs to you.

Cyber Threat Researcher  The Role

The Defensive Cyber Operations (DCO) team is seeking a cyber threat researcher to contribute to the enhancement of our threat intelligence capabilities. You will be a key member of our Identity Threat Research (ITR) team. Put simply, ITR identifies, prioritizes and researches threat actor(s) that seek to target Okta, our products and our customers. By better understanding their motives, tactics, techniques and procedures, we can assist Okta's security teams in defending against them. 

 

The ITR team is currently expanding our threat intelligence program with a dedicated team to focus on researching threats targeting our most important assets - our customers.

 

Responsibilities

 

• Identify novel and emerging tactics and techniques used by threat actors targeting customers on the Okta platform
• Develop productive relationships with our customers’ security teams and partners to facilitate threat intelligence sharing and collaboration
• Curate indicators received from internal and external sources to enable actionable consumption by DCO
• Develop behavioral detection ideas
• Provide tactical cyber intelligence support to the incident commander as required during security incidents or events of interest
• Develop and maintain an understanding of the cyber threat landscape, as it is relevant to Okta and our customers
• Identify and distribute intelligence of interest to ITR’s stakeholders including our security, product and engineerings teams

What does it take?

 

You’re a team player. You have great communications skills and a thirst for knowledge. You’re curious about systems and how they interact, knowing that to properly defend a system you must first understand how it works. You’re passionate about hunting for threat actors and love to dive deep into the data to look for evidence of malicious activity.

 

If you don’t have a degree, you have equivalent experience that’s given you the foundational knowledge to understand complex computing environments.

 

Required Skills and Experience

 

• Experience in cyber security operations, in threat intelligence, incident response or comparable roles
• Strong understanding of network security fundamentals and their application to threat actor tracking. You should be very familiar with TCP/IP, TLS and DNS.
• Experience in performing research into the tactics, techniques and procedures of sophisticated threat actor(s) and hunting for evidence of them within an enterprise environment
• Familiarity and understanding of how threat actors abuse or attack large web and cloud platforms
• Knowledge of scripting languages (e.g Python) and their applications for security analysis
• Ability to work independently and achieve outcomes with limited direct supervision 
• Excellent communication and writing skills (work samples welcomed)

 

Desirable Experience

 

We love to identify individuals who can supplement and enhance the existing skills within our team. Don’t be put off by the length of this list - we’re not looking for unicorns, but we would highly value applicants who happen to have experience in any one - or combination - of the following areas:

 

• Experience with using Threat Intelligence Platforms
• Knowledge of REST APIs and experience building tools to interact with them
• Experience in writing and presenting on formal intelligence reports
• Experience leveraging tools such as VirusTotal, pDNS, Certificate Transparency logs, Shodan, Censys, Urlscan and other data sets to form comprehensive threat assessments 
• Experience querying big data platforms such as Snowflake, Splunk or other SIEM systems.
• Demonstrated proficiency in Python scripting for automation, data analysis, security tool integration and custom tool development

#LI-JP2 

#LI-Remote

What you can look forward to as an Full-Time Okta employee!

• Amazing Benefits
• Making Social Impact
• Fostering Diversity, Equity, Inclusion and Belonging at Okta 

Okta cultivates a dynamic work environment, providing the best tools, technology and benefits to empower our employees to work productively in a setting that best and uniquely suits their needs. Each organization is unique in the degree of flexibility and mobility in which they work so that all employees are enabled to be their most creative and successful versions of themselves, regardless of where they live. Find your place at Okta today! https://www.okta.com/company/careers/.

Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws. If reasonable accommodation is needed to participate in the job application or interview process, please use this Form to request an accommodation.

Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Privacy Policy at https://www.okta.com/privacy-policy/.