Senior Forward Deployed Engineer

About The Position

Requirements

• 7+ years shipping production software, still hands-on in the IDE, with on-call experience and operational maturity in systems that authenticate and authorize at high throughput.
• Expertise in identity protocols: OAuth 2.0, OIDC, SAML, SCIM, RFC 8693 token exchange, act claims, CIMD and DCR, DPoP.
• Working knowledge of agent security frameworks: OWASP Top 10 for Agentic Applications, NIST AI RMF, and MITRE ATLAS. Familiarity with MCP, A2A, ISO/IEC 42001, and the EU AI Act. Comfortable mapping deployments to HIPAA, FedRAMP, and SOC 2.
• Experience with fine-grained authorization: ReBAC and ABAC with policy engines (OPA, Cedar, OpenFGA, or equivalent), and a working understanding of how agents acquire tokens, call APIs, and delegate.
• Hands-on AI experience: Built production integrations with Claude, ChatGPT, Microsoft Copilot, Agentforce, Bedrock, LangChain, CrewAI, the OpenAI Agents SDK, or MCP servers.
• Daily use of AI-native development tools: Claude Code, Cursor, GitHub Copilot, or equivalent.
• Customer-facing range: Comfortable in a customer standup and a CISO briefing on the same day. Ability to build trust with senior engineering leaders and navigate internal politics.
• High agency, founder’s mindset: A zero-to-one self-starter who owns outcomes end to end.

Responsibilities

• Become the customer’s trusted technical voice on agent security, participating in standups, design reviews, and incident response. Earn a seat on their architecture review board and security council for agent risk decisions.
• Architect and deploy with the customer’s team, building Okta’s agent security stack (Cross-App Access (XAA), Fine-Grained Authorization (FGA), MCP Gateway, and agent client registration) into their infrastructure. Own the identity, delegation, audit, and kill-switch architecture end to end, and coach their engineers on the patterns.
• Engage senior leadership, briefing the CISO, CIO, identity leaders, Chief AI Officer, and principal architects. Translate token-exchange flows into board-level agent risk, and AI governance mandates into architecture.
• Deliver white-glove deployment, ensuring agents are in production with full identity coverage, security review passed, governance requirements met, and posture visibility online.
• Keep deployments defensible by aligning architecture decisions to OWASP Top 10 for Agentic Applications, NIST AI RMF, and MITRE ATLAS, and to HIPAA, FedRAMP, or SOC 2 where the customer is regulated.
• Wire Okta into the customer’s stack, connecting O4AA to their IdP for human-to-agent links, IGA for agent lifecycle, ISPM for posture, SIEM and EDR for behavior coverage, and policy engines for runtime decisions.
• Build evals and observability for authorization decision latency, scope sprawl across agents, anomalous delegation chains, audit completeness, kill-switch verification, and rogue agent detection.
• Turn field patterns into product by extracting recurring gaps from architects and governance leads, and converting them into reusable modules and roadmap fixes.
• Be on site with regular presence at customer locations for trust and governance alignment.

Benefits

• Equity (where applicable)
• Bonus
• Health insurance
• Dental insurance
• Vision insurance
• 401(k)
• Flexible spending account
• Paid leave (including PTO and parental leave)