Okta

Principal Forward Deployed Engineer

Remote Okta for AI Agents-764 role with clear candidate location fit.

PostedRecently added

Eligible countries37 accepted countries

Seniority signalLead

Work settingRemote

Accepted candidate locations

AlbaniaAustriaBelgiumBulgariaCroatiaCyprus+31 more

Can I actually apply?Check country list

Accepted candidate countries are listed (37).

Source freshnessRecently added

Location fit37 accepted countries

Stack matchRemote technology delivery

Apply pathCompany site

Mira fit summaryWhy this role is worth checking

Location fit37 accepted countriesAdd your country

Stack matchStack listed in descriptionRemote technology delivery

Seniority signalLeadSet your level for a sharper check.

Apply readinessCompany siteApplication continues on the company site.

Application

Apply on company site

External apply

Applying forPrincipal Forward Deployed EngineerOkta

Country fit37 accepted countries

Apply pathCompany site

WithMiraSave or subscribe before leaving

Company application

WithMira keeps this role for discovery. The application continues on the company site.

Role overview

Readable role content extracted into sections for faster review.

Own the reference architecture. Define the canonical agent identity, delegation, audit, and kill-switch patterns that Senior FDEs deploy across the portfolio, and keep them current as the standards and the product move.
Lead the hardest accounts. Personally own the most strategic, regulated, or technically novel deployments, the ones where there is no playbook yet.
Raise the technical bar. Review other FDEs’ architectures, coach senior customer engineers and your own team, and set the standard for what good looks like in the field.
Shape the roadmap. Synthesize patterns across every account into a clear point of view, and work directly with product and engineering leadership to prioritize what ships next.
Represent Okta as a technical authority. Brief CISO, CIO, and Chief AI Officer audiences, contribute to the standards and frameworks shaping agent identity, and carry the external technical voice.
Resolve what others cannot. Step into the hardest technical and political situations across accounts and find the path forward.
Set the standard for evals and observability. Define how the team measures authorization latency, scope sprawl, delegation anomalies, audit completeness, and kill-switch verification, so it scales beyond any single customer.
Build the team’s leverage. Turn recurring field work into reusable modules, internal tooling, and enablement so the whole FDE function moves faster.

Engineering depth. 10+ years shipping production software, with deep distributed systems and identity experience and a track record of staying hands-on while setting direction.
Authority-level identity protocols. OAuth 2.0, OIDC, SAML, SCIM, RFC 8693 token exchange, act claims, CIMD and DCR, DPoP. Contribution to standards or open source is a plus.
Deep agent security fluency. OWASP Top 10 for Agentic Applications, NIST AI RMF, MITRE ATLAS, plus MCP, A2A, ISO/IEC 42001, and the EU AI Act, with the judgment to apply them in HIPAA, FedRAMP, and SOC 2 environments.
Expert fine-grained authorization. ReBAC and ABAC with policy engines (OPA, Cedar, OpenFGA, or equivalent), and command of the design tradeoffs at scale.
Proven AI hands-on. Production integrations across the major agent platforms and MCP, and daily AI-native development.
Force multiplier. A record of setting technical direction across multiple teams or accounts, and of mentoring senior engineers.
Customer-facing authority. Credible from the IDE to the boardroom, trusted by CISOs and principal engineers alike, and steady when account politics get sharp.
High agency, founder’s mindset. Applied to building a function, not just an account.
Ability to travel, on occasion, up to 35%