Staff Compliance Analyst - Federal

Get to know Okta Okta is The World’s Identity Company. We free everyone to safely use any technology, anywhere, on any device or app. Our flexible and neutral products, Okta Platform and Auth0 Platform, provide secure access, authentication, and automation, placing identity at the core of business security and growth. At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences. Join our team! We’re building a world where Identity belongs to you. Position Overview As a Staff Federal Security Compliance Analyst on the Federal Security and Compliance team, you will serve as a lead of our compliance strategy. Your mission is to safeguard and strengthen our position as a leading Identity-as-a-Service (IDaaS) provider for the public sector. In this staff-level role, you are not just a practitioner but a strategic leader who bridges the gap between engineering, product, and federal regulatory bodies. You will drive the maintenance of our FedRAMP and DoD (IL4/IL5) authorizations, lead complex audits, and mentor junior analysts to ensure a security-first culture. Job Duties And Responsibilities Strategic Audit Leadership: Lead end-to-end FedRAMP and DoD audits, serving as the primary point of contact for external 3PAOs and government agencies. Continuous Monitoring Strategy: Oversee and evolve the continuous monitoring (ConMon) program. Design sophisticated reporting mechanisms for vulnerability management and risk posture for executive leadership. Engineering Advisory: Act as a senior consultant to Engineering and Product teams, translating complex NIST 800-53 requirements into actionable technical specifications for cloud-native environments. Impact Assessment & Risk Management: Lead the assessment of high-impact changes to federal systems. Ensure that system evolutions maintain a rigorous security posture without sacrificing innovation. Cross-Functional Alignment: Drive synchronization between GRC, Security, Marketing, Sales, Engineering, and Product to ensure federal requirements are integrated into the broader corporate roadmap. Programmatic Gap Analysis: Proactively identify and lead initiatives to close gaps between current capabilities and future regulatory requirements (e.g., emerging NIST standards, new DoD mandates, or IL6 requirements). Evidence Automation & FedRAMP 20x Readiness: Drive the build-out and support of automated evidence collection and control validation. Lead the transition toward "FedRAMP 2.0" standards (including OSCAL integration), defining and monitoring Key Security Indicators (KSIs) to provide real-time compliance visibility. Minimum Required Knowledge, Skills, And Abilities Education: Bachelor’s degree in Computer Science, MIS, Cybersecurity, or a related technical field. Experience: 7+ years of experience in security compliance, with at least 4-5 years specifically focused on the FedRAMP/NIST 800-53 framework. Automation & Compliance Engineering: Demonstrated experience with automation tools or scripting (e.g., Python, Go, or SQL) for automated evidence collection. Familiarity with API-based control validation and OSCAL-based tooling (e.g., Trestle, LULA, or similar GRC automation frameworks). Technical Depth: Deep understanding of cloud-native infrastructure (IaaS, PaaS, SaaS) and how infrastructure components (networking, OS, databases) support a distributed cloud application. Framework Mastery: Expert-level knowledge of NIST SP 800-53, FedRAMP High/Moderate, and DoD SRG (IL4, IL5, and familiarity with IL6). Operational Knowledge: Proven experience with access management, CI/CD pipelines, disaster recovery, and encryption/key management in a cloud context. Analytical Leadership: Ability to analyze complex "edge-case" security scenarios and provide remediation paths that align with both business goals and regulatory requirements. Communication: Exceptional presentation skills with the ability to explain technical compliance risks to non-technical executive stakeholders. Preferred Certifications & Skills Advanced Certifications: CISSP (highly preferred), CISA, or CCSK. Cloud Expertise: AWS Certified Solutions Architect or Cloud Practitioner. Tooling: Expert-level proficiency with JIRA, ServiceNow, and Okta. Technical Background: Prior experience in a DevOps, Security Engineering, or Systems Administration role is a significant plus. Additional requirements This position requires the ability to access federal environments and/or have access to protected federal data. As a condition of employment for this position, the successful candidate must be able to submit documentation establishing U.S. Person status (e.g. a U.S. Citizen, National, Lawful Permanent Resident, Refugee, or Asylee. 22 CFR 120.15) upon hire. P24525_3348081 The annual base salary range for candidates located in California (excluding San Francisco Bay Area), Colorado, Illinois, New York and Washington is between $161,000—$221,000 USD. What you can look forward to as a Full‑Time Okta employee! Amazing Benefits Making Social Impact Developing Talent and Fostering Connection + Community at Okta Okta cultivates a dynamic work environment, providing the best tools, technology and benefits to empower our employees to work productively in a setting that best and uniquely suits their needs. Each organization is unique in the degree of flexibility and mobility in which they work so that all employees are enabled to be their most creative and successful versions of themselves, regardless of where they live. Find your place at Okta today! Some roles may require travel to one of our office locations for in-person onboarding. Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws. If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding please use this Form to request an accommodation. Notice for New York City Applicants & Employees: Okta may use Automated Employment Decision Tools (AEDT), as defined by New York City Local Law 144, that use artificial intelligence, machine learning, or other automated processes to assist in our recruitment and hiring process. In accordance with NYC Local Law 144, if you are an applicant or employee residing in New York City, please click here to view our full NYC AEDT Notice. Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Personnel and Job Candidate Privacy Notice at #J-18808-Ljbffr