Senior Site Reliability Engineer

Workforce Identity Cloud

Okta Workforce Identity Cloud (WIC) provides easy, secure access for your workforce so you can focus on other strategic priorities—like reducing costs, and doing more for your customers.

If you like to be challenged and have a passion for solving large-scale automation, testing, and tuning problems, we would love to hear from you. The ideal candidate is someone who exemplifies the ethics of, “If you have to do something more than once, automate it” and who can rapidly self-educate on new concepts and tools.

What You’ll Be Doing:

• Lead and implement secure, scalable Kubernetes clusters across on-prem, hybrid, and cloud environments.
• Integrate security throughout the cluster lifecycle (design to production) with network policies, RBAC, Pod Security Policies, and encryption.
• Work with development teams to enforce secure containerization practices and integrate security tools into CI/CD pipelines.
• Implement secure networking, service meshes (Istio, Linkerd), and implement mutual TLS for secure service-to-service communication.
• Secure CI/CD pipelines with automated security checks (code scanning, vulnerability assessments, configuration checks).
• Automate Kubernetes infrastructure provisioning with IaC tools (Terraform, CloudFormation, Ansible), embedding security best practices.
• Enhance automation workflows for patching, vulnerability assessments, and incident response.
• Implement observability strategies with Prometheus, Grafana, ELK Stack, and Loki for monitoring health, logging, performance, and security.
• Ensure security events are logged, monitored, and proactively mitigated.
• Participate in incident response, on-call rotations, root cause analysis, and post-incident reviews to refine security protocols.
• Define, document, and enforce Kubernetes security best practices and policies.

What You’ll Bring to the Role:

• Strong knowledge in Kubernetes, ECS, and migrating applications to cloud-native environments, ensuring security at every stage.
• Experience in designing secure identity management and access control solutions for Kubernetes, ECS, and cloud platforms.
• Experience in migrating legacy applications to Kubernetes and ECS, optimizing for security and scalability.
• Skilled in managing and securing cloud identities, roles, and implementing RBAC in Kubernetes and ECS.
• Extensive experience in securing and automating CI/CD pipelines with tools like Jenkins, GitLab CI, ArgoCD, and Spinnaker.
• Hands-on experience with container security using tools like Aqua Security, Twistlock, and runtime protection practices.
• In-depth understanding of service meshes like Istio and Linkerd, and securing communications with mutual TLS encryption.
• Expertise in using IaC tools like Terraform, CloudFormation, and Ansible for secure infrastructure automation.
• Skilled in using Prometheus, Grafana, and ELK Stack for real-time monitoring and proactive incident detection.
• Experience in managing incidents, troubleshooting, root cause analysis, and improving security protocols.
• Strong ability to collaborate with cross-functional teams and mentor junior engineers, promoting a security-first culture.
• Knowledge on secrets in Kubernetes using Vault, Secrets Manager, or Kubernetes Secrets.

Experience & Qualifications:

• 5+ years of experience in managing large-scale, secure Kubernetes clusters, including architecture, security, and scalability.
• 5+ years of hands-on experience with ECS (Elastic Container Service) and migrating legacy monolithic applications to cloud-native environments (Kubernetes/ECS).
• 3+ years of experience in cloud security, including IAM (Identity and Access Management), role-based access control (RBAC), and secure identity management for cloud platforms and Kubernetes.
• 3+ years of experience in automating CI/CD pipelines using tools such as Spinnaker, Jenkins or ArgoCD with an emphasis on integrating security throughout the process.
• Strong knowledge of service mesh technologies (Istio, Linkerd) and secure networking practices in Kubernetes environments, including mutual TLS encryption.
• Experience with Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, or Ansible, and the ability to automate infrastructure provisioning with a security-first approach.
• Proven experience in implementing monitoring and observability solutions with Prometheus, Grafana, Loki or similar tools to enhance security and detect incidents in real-time.
• Strong problem-solving skills with hands-on experience in incident management, troubleshooting, and conducting post-incident analysis.
• Excellent collaboration skills with experience working cross-functionally with security engineers, developers, and DevOps teams to enforce security best practices and policies.
• Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent professional experience.
• Certifications (preferred): CKA (Certified Kubernetes Administrator), CKAD (Certified Kubernetes Application Developer), AWS Certified DevOps Engineer, or equivalent certifications in cloud and security domains.