AI Identity Architect

Secure Every Identity, from AI to Human Identity is the key to unlocking the potential of AI.\n\nOkta secures AI by building the trusted, neutral infrastructure that enables organisations to safely embrace this new era.\n\nThis work requires a relentless drive to solve complex challenges with real-world stakes.\n\nWe are looking for builders and owners who operate with speed and urgency and execute with excellence.\n\nThis is an opportunity to do career-defining work.\n\nWe're all in on this mission.\n\nIf you are too, let's talk.\n\nThe Identity Team\n\nThe Identity team’s mission is to strengthen Okta’s position as the leading Identity-as-a-Service solution through identifying and resolving risks to the employees, product, and most importantly, our customers.\n\nWith the ever-increasing pace of cloud application adoption, companies are struggling to find ways to accurately assess risk and act at the speed of their business.\n\nThe AI Identity Architect Opportunity\n\nReporting to the VP of Identity & Access Management, this role will be an AI Identity Pioneer, not just an IAM expert.\n\nYour "been there, done that" experience in securing autonomous agents at scale is your superpower.\n\nYou’ve seen how traditional OAuth flows break under agentic pressure, you’ve felt the pain of "Secret Zero" in a LangChain loop, and you know exactly where the industry’s current tools fall short.\n\nAt Okta, you won't just implement security; you will use your battle-tested experience to drive the product features needed to secure the next generation of identities.\n\nThe AI Identity Architect's mission is to own Okta’s enterprise identity strategy for autonomous AI agents.\n\nAs Customer Zero, you will implement Okta on Okta,validating identity patterns at production scale, feeding direct input into product roadmaps, and partnering with business units building internal agentic systems.\n\nWhat you’ll be doing\n\nProduct Vision & Architecture (The "Ratified R0")\n\nDrive the Roadmap: Act as a primary stakeholder for Okta’s product teams.\n\nTranslate your real-world experience securing agents into prioritized feature requests and product requirements.\n\nTarget State: Define a multi-year roadmap for Non-Human Identities (NHIs) and AI Agents aligned with Zero Trust (NIST 800-207) and Okta’s Secure Identity Commitment.\n\nPosture First: Use ISPM (Identity Security Posture Management) to discover unmanaged AI agents and eliminate "Identity Debt" across the enterprise.\n\nCross-App Access & Brokered Delegation\n\nAgent-to-App Connectivity: Architect secure Cross-App Access patterns where agents act as intermediaries between enterprise systems.\n\nDelegated Authority: Refine how user identity is "brokered" to an agent (e.g. OAuth2 Token Exchange), ensuring the agent never has more power than the human user who triggered it.\n\nSession Scoping: Implement context-bound, short-lived tokens to prevent lateral movement by a compromised agent.\n\nOkta Customer Zero -- Validate and publish patterns using Okta primitives to secure the AI lifecycle for:\n\nOkta Identity Engine & Auth0: Define how AI agents prove their identity within AuthN/AuthZ core concepts, implementing rigorous protocols for secure access delegation like OAuth2/OIDC, mTLS, and SPIFFE/SPIRE for workload attestation.\n\nOkta Privilege Access: Implement JIT/JEA access and ephemeral, vaulted secrets for agent tool-use.\n\nOkta Identity Governance & Workflows: Automate the Joiner-Mover-Leaver (JML) lifecycle for agents, including automated certification and revocation.\n\nFine-Grained Authorization: Implement ReBAC for intent-bound decisions (e.g., "Can this agent access the Finance API on behalf of the CFO?").\n\nServe as "Customer Zero" by architecting and stress-testing internal AI security frameworks, translating real-world deployment lessons into a continuous stream of public-facing white papers, blogs, and technical guides to steer industry best practices.\n\nAI Ecosystem & Tech Stack Integration\n\nDefine how Okta identity is woven into modern AI orchestration layers:\n\nOrchestration: Secure identity patterns such as LangChain, LangGraph, AutoGPT, CrewAI, LlamaIndex, and Semantic Kernel.\n\nArchitect secure connectivity to AI model providers such as Azure OpenAI, AWS Bedrock, Google Vertex AI, OpenAI API, and Anthropic.\n\nWhat you’ll bring to the role\n\nThe "Been There" Factor: Proven track record of securing AI agents and non-human identities in a production environment.\n\nExperience: 7+ years in IAM/Security Architecture; proven strategy work across workforce, customer, and Non-Human Identities (NHIs).\n\nDeep knowledge of the core protocols OAuth2/OIDC (especially Token Exchange), SAML, mTLS, JWT, and Model Context Protocol (MCP).\n\nHands-on experience with Modern Identity framework SPIFFE/SPIRE.\n\nAbility to author Architecture Decision Records (ADR) and influence at the VP/CTO level, while simultaneously acting as a peer to Product Management.\n\nAnd extra credit if you have experience in any of the following!\n\nPrior work shaping identity strategy for autonomous/agent systems, multi-agent delegation, or brokered access patterns.\n\nExposure to policy-as-code (OPA/Cedar) and service-mesh identity.\n\nCertifications such as CISSP-ISSAP, CCSP, or TOGAF are welcome but not required or expected.\n\n#LI-SM1 #LI-Hybrid P21621_3398002