×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Data Security

Vulnerability Management Analyst - Federal

Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: Okta Ventures
Full Time position
Listed on 2026-02-19
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly USD 60000.00 80000.00 YEAR
Job Description & How to Apply Below
Position: Staff Vulnerability Management Analyst - Federal

Get to know Okta

Okta is The World’s Identity Company. We free everyone to safely use any technology, anywhere, on any device or app. Our flexible and neutral products, Okta Platform and Auth0 Platform, provide secure access, authentication, and automation, placing identity at the core of business security and growth.

At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box – we’re looking for lifelong learners and people who can make us better with their unique experiences.

Join our team! We’re building a world where Identity belongs to you.

Staff Vulnerability Management Analyst

The Okta Security team’s mission is to strengthen Okta’s position as the leading Identity-as-a-Service solutions through identifying and resolving risks to the employees, product, and most importantly, our customers. With the ever-increasing pace of cloud application adoption, companies are struggling to find ways to accurately assess risk and act at the speed of their business.

The Staff Vulnerability Management Analyst for Public Sector is a key member of the Okta Security team and an essential collaborator with our broader Engineering organization, playing a pivotal role in executing the Vulnerability Management Program’s strategy. The Vulnerability Management Program is a crucial pillar of the security organizations’ imperative to reduce the threats to Okta’s infrastructure and applications. You’ll be an integral part of building and sustaining strong and effective relationships across Okta with our Engineering, Product and Business Technology counterparts.

What

You’ll Do
  • Own the full lifecycle operations of Asset and Vulnerability Management scanning and reporting infrastructure, including designing new cloud‑based and on‑prem deployments as required.
  • Assess new and existing scan technologies to determine potential business value.
  • Monitor and respond to security inquiries, requests, and incidents, understanding the technical details of the published vulnerabilities as well as their real risk. Effectively communicate the perceived and real vulnerability impact given the infrastructure context.
  • Contribute to the definition and execution of internal processes that allow for accelerated remediation of critical vulnerabilities and zero‑days.
  • Support audit, governance, risk and compliance teams in scanning and reporting on various regulatory compliance and industry best practices including PCI, ISO 27001/27017/27018, NIST SP 800‑53 and SOC 2.
  • Assist Okta’s Public Sector compliance team in their preparation and maintenance of POAMs (Plan of Action & Milestones) and Continuous Monitoring (Con Mon) processes.
  • Track and manage weaknesses or gaps in vulnerability‑related security controls, outlining tasks, required resources, milestones and scheduled completion dates to achieve compliance with standards like NIST 800‑171 and CMMC.
  • Participate in other special projects or strategic initiatives at the direction of the Security team.
Your Background
  • 5+ years of multifaceted cyber security experience in a technology‑centric company.
  • 5+ years of experience in building vulnerability scanning solutions within a highly regulated environment such as Fed Ramp High, IL4, IL5 and/or IL6.
  • Current or previous Secret, Top Secret (TS) or Top Secret/Sensitive Compartmented Information (TS/SCI) clearance is a plus.
  • Experience with commercial or open‑source vulnerability and misconfiguration scanners and reporting tools regarding Infrastructure/ IP based Assets, Containers, CSPM and CNAPP. Examples:
    Qualys, Tenable, Prisma Cloud, Wiz, Orca, Lacework, Paramify, Atlassian Jira, Service Now etc.
  • Functional knowledge of vulnerabilities, exploitation and remediation. You should be able to explain vulnerabilities and exploits as well as propose remediations for the most common vulnerabilities.
  • Familiarity with industry standards, frameworks and publications such as CVE, CVSS, EPSS, OWASP and CISA KEV catalog.
  • Proficiency in scripting and automation with Python. Familiarity with other scripting and automation tools is a plus.
  • Experience working with AWS Lambda or similar serverless computing…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search