Senior AEM DevSecOps Engineer

Описание вакансии

Secure Every Identity, from AI to HumanIdentity is the key to unlocking the potential of AI. Okta secures AI by building the trusted, neutral infrastructure that enables organizations to safely embrace this new era. This work requires a relentless drive to solve complex challenges with real-world stakes. We are looking for builders and owners who operate with speed and urgency and execute with excellence.

This is an opportunity to do career-defining work. We're all in on this mission. If you are too, let's talk.

As an AEM DevSecOps Engineer, you will oversee and automate our AEM infrastructure with a primary focus on security, reliability, and automated compliance. You will bridge the gap between development and operations by embedding security directly into the CI/CD pipeline and managing complex identity and content delivery architectures, including headless AEM and Auth0 integrations. Your role is pivotal in ensuring that our platform is not only high-performing but resilient against modern threats like DDoS attacks.

Key Responsibilities

• Identity & Access Management: Configure and manage Auth0 integrations for AEM, including token validation, OIDC/SAML configurations, and custom login modules to ensure secure user authentication.
• Headless Security: Oversee the security of AEM Headless deployments, including protecting GraphQL endpoints, managing CORS policies, and ensuring secure communication for decoupled front-end frameworks (React/Angular).
• Edge & CDN Protection: Manage and configure CDN (e.g., Cloudflare, Akamai, or Adobe-managed CDN) to optimize performance and implement DDoS mitigation strategies.
• Traffic Filtering: Implement and maintain Traffic Filter Rules and Web Application Firewall (WAF) configurations at the CDN level to block malicious spikes and sophisticated application-layer attacks.
• Automated Security Scanning: Integrate security tools (SAST/DAST) and secrets detection into CI/CD pipelines (Jenkins, GitLab) to identify vulnerabilities early in the development cycle.
• Environment Hardening: Install and manage AEM author, publish, and dispatcher instances with a focus on Dispatcher security hardening, SSL certificate automation, and ModSecurity configurations.
• Observability & Incident Response: Monitor system performance and security logs using tools like Splunk or New Relic to proactively address threats and performance bottlenecks.
• Compliance Auditing: Regularly audit the platform and its integrations (Adobe Analytics, Target) to ensure alignment with corporate security policies and industry standards.

Required Skills & Experience

• Experience: 5+ years in administering and securing AEM environments.
• Identity Services: Proven experience integrating Auth0 or similar Identity Providers (IdP) for enterprise-scale authentication.
• Architectural Knowledge: Strong understanding of Headless CMS security best practices, including API key management and JWT authentication.
• Network Security: Expertise in managing CDNs and implementing DDoS mitigation and WAF rules.
• Technical Stack: Proficiency in Apache Sling, JCR, OSGi, and web servers like Nginx or Apache.
• Automation: Hands-on experience with scripting (Python) and CI/CD tools (Jenkins, CircleCI) to automate security and deployment workflows.
• Cloud Experience: Experience with cloud-based AEM implementations, such as AEM as a Cloud Service (AEMaaCS) or AWS/Azure.
• Diagnostic Skills: Proficiency in analyzing log files, thread dumps, and heap dumps to resolve security incidents or performance outages.

• #LI-Rmote
• #LI-JB2
• P24849_3380782

The Okta Experience

• Supporting Your Well-Being
• Driving Social Impact
• Developing Talent and Fostering Connection + Community

We are intentional about connection. Our global community, spanning over 20 offices worldwide, is united by a drive to innovate. Your journey begins with an immersive, in-person onboarding experience designed to accelerate your impact and connect you to our mission and team from day one.

Okta is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, marital status, age, physical or mental disability, or status as a protected veteran. We also consider for employment qualified applicants with arrest and convictions records, consistent with applicable laws.

If reasonable accommodation is needed to complete any part of the job application, interview process, or onboarding please use this Form to request an accommodation.

Notice for New York City Applicants & Employees: Okta may use Automated Employment Decision Tools (AEDT), as defined by New York City Local Law 144, that use artificial intelligence, machine learning, or other automated processes to assist in our recruitment and hiring process. In accordance with NYC Local Law 144, if you are an applicant or employee residing in New York City, please click here to view our full NYC AEDT Notice.

Okta is committed to complying with applicable data privacy and security laws and regulations. For more information, please see our Personnel and Job Candidate Privacy Notice at https://www.okta.com/legal/personnel-policy/.