Principal Forward Deployed Engineer

Okta secures access for 20,000 organizations and billions of users. Okta for AI Agents extends that work to the agentic shift. Deploying an AI agent is not like deploying traditional software. You are putting professional work output into production, and it needs deep integration, continuous tuning, and change management. Every agent needs an identity, a scope, an audit trail, and a way to be shut down when it goes wrong. Most enterprises have not built this yet. We are.

We hire builders who see the cracks in enterprise agent identity that everyone else has learned to live with.

You are the most senior technical field authority for agent identity at Okta. Where a Senior FDE owns the outcome inside one account, you own the patterns that every account and every FDE inherits. You take the hardest and most strategic deployments yourself, set the reference architecture the team builds from, and turn what the field learns into the direction the product takes.

You still write code. You also multiply the people around you, and you are the person product and engineering leadership call when an agent identity problem has no precedent.

• Own the reference architecture. Define the canonical agent identity, delegation, audit, and kill-switch patterns that Senior FDEs deploy across the portfolio, and keep them current as the standards and the product move.
• Lead the hardest accounts. Personally own the most strategic, regulated, or technically novel deployments, the ones where there is no playbook yet.
• Raise the technical bar. Review other FDEs’ architectures, coach senior customer engineers and your own team, and set the standard for what good looks like in the field.
• Shape the roadmap. Synthesize patterns across every account into a clear point of view, and work directly with product and engineering leadership to prioritize what ships next.
• Represent Okta as a technical authority. Brief CISO, CIO, and Chief AI Officer audiences, contribute to the standards and frameworks shaping agent identity, and carry the external technical voice.
• Resolve what others cannot. Step into the hardest technical and political situations across accounts and find the path forward.
• Set the standard for evals and observability. Define how the team measures authorization latency, scope sprawl, delegation anomalies, audit completeness, and kill-switch verification, so it scales beyond any single customer.
• Build the team’s leverage. Turn recurring field work into reusable modules, internal tooling, and enablement so the whole FDE function moves faster.

• Engineering depth. 10+ years shipping production software, with deep distributed systems and identity experience and a track record of staying hands-on while setting direction.
• Authority-level identity protocols. OAuth 2.0, OIDC, SAML, SCIM, RFC 8693 token exchange, act claims, CIMD and DCR, DPoP. Contribution to standards or open source is a plus.
• Deep agent security fluency. OWASP Top 10 for Agentic Applications, NIST AI RMF, MITRE ATLAS, plus MCP, A2A, ISO/IEC 42001, and the EU AI Act, with the judgment to apply them in HIPAA, FedRAMP, and SOC 2 environments.
• Expert fine-grained authorization. ReBAC and ABAC with policy engines (OPA, Cedar, OpenFGA, or equivalent), and command of the design tradeoffs at scale.
• Proven AI hands-on. Production integrations across the major agent platforms and MCP, and daily AI-native development.
• Force multiplier. A record of setting technical direction across multiple teams or accounts, and of mentoring senior engineers.
• Customer-facing authority. Credible from the IDE to the boardroom, trusted by CISOs and principal engineers alike, and steady when account politics get sharp.
• High agency, founder’s mindset. Applied to building a function, not just an account.
• Ability to travel, on occasion, up to 35%

#LI-Remote

(P24675_3470403)