The Product Security Engineer will be responsible for securing Navan products, by identifying risks early in the SDLC and developing application security tooling & processes to promote a ‘shift left’ security culture. You will be responsible for integrating security in the application development process, conducting security-related research and assessments, performing feature penetration testing, and providing security analysis/design/training to the organization.
Reporting to the Director of Product Security and Research, you will contribute significantly to building and scaling an application security program. This position requires both advanced technical skills, strong communication skills, and the ability to influence people. You will be responsible for ensuring the continuous security of Navan customer-facing products and internal tools. You will focus on proactively discovering security vulnerabilities, driving and advising risk remediation based on research, and developing strong partnerships with engineering and product teams to accelerate the release of the software with security by design.
What You’ll Do:
- Identifying security issues within the product.
- Design and develop security tools and processes to be leveraged by development teams.
- Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities.
- Assist in developing custom Security as Code solutions.
- Participate in expanding/maturing the Navan S-SDLC program.
- Review product designs for security defects, perform threat modeling and recommend remediations.
- Provide training, guidance, and assistance to development teams early in the SSDLC.
- Cultivate security ownership in the product teams.
- Bring visibility to product/application vulnerabilities in a consistent manner to enable appropriate prioritization and remediation.
What We’re Looking For:
- Experience performing threat modeling and architecture reviews for complex applications.
- Proven experience performing application, cloud and mobile penetration testing in high risk environments like financial or healthcare companies.
- 2-4 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis.
- Ability to execute in multifaceted and highly technical organizations.
- Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software.
- Experience working in Agile development with experience in technologies such as:
- Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
- Infrastructure as code (Terraform, or similar)
- Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular
- Containers (Docker, Kubernetes, or similar)
- Continuous integration (Jenkins, Github Actions or similar)
- Integration of Security testing tools into CI pipelines
- Defect tracking (Jira,or similar.)
- Source code management (GitHub, or similar.)
- In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods.
- Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world.
Nice to have:
- Published contributions to the security community.
- Deep understanding of browser security and modern JavaScript frameworks.
The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity.
For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.
Pay Range
$105,000—$190,000 USD
Navan About Us
Navan is the all-in-one super app that makes travel and expense easy so you can focus on being there, not getting there. Say goodbye to spending hours on the phone trying to change your flight or saving stacks of receipts to manually input expenses. From EAs and finance teams to travel managers and employees, Navan empowers people to focus on the things that matter most to them — all while providing companies with real-time visibility, savings, and control.
Navan’s investors include visionaries like Andreessen Horowitz, Lightspeed Ventures, Greenoaks, Zeev Ventures, and entrepreneurs Lee Fixel, Adam Bain, and Elad Gil. Valued at $9.2B, Navan is well-positioned for continued growth as it continues its takeover of the travel and expense market.
In April 2023, Navan expanded in the Indian market with the acquisition of Tripeur, a modern, people-centric corporate travel and expense management company. The group’s fifth acquisition in under two years, Tripeur joined the Navan Group alongside Spanish meetings and events specialists, Atlanta Events & Corporate Travel Consultants; Berlin-based modern travel management company, Comtravo; leading Scandinavian travel agency Resia AB; and London-based high-touch TMC, Reed & Mackay — the latter of which remains a standalone brand.
At Navan, we’re never satisfied with the status quo, and we know breakthrough ideas come from diverse perspectives. We are committed to cultivating a workplace that reflects the diversity of the customers we serve while fostering leadership and innovation. All voices are valued here and you’ll have the resources, tools, and training you’ll need to do the best work of your life.
Our Benefits
Navan provides a comprehensive benefits package tailored to support your well-being and financial security. Our offerings include generous medical plans, dental, and vision benefits with premiums covered by Navan, as well as various insurance options designed to cover each family's needs. We also prioritize your holistic wellness with perks like paid parental and bereavement leave, subsidized commuter benefits, mental health support, connectivity stipends, and even pet insurance.
Workplace Policy
Navan believes in the value of in-person connections, whether that is sitting down to have lunch with one another, taking a walking 1:1, or collaborating in a room together. The connections forged through face-to-face interactions improves company culture and drives business results. Navan invests in global office spaces — in the US, Germany, France, Spain, and the UK, among others — that feel welcoming and offers perks such as lunches and happy hours to create a strong team environment to help you do your best work. We operate on a hybrid working model, which we define as three days a week in-office. Please expect this policy for all roles that are tied to an office.
Equal Opportunity
Navan is an equal opportunity employer. We make all employment decisions based solely on merit. We provide equal employment opportunity to all applicants and employees without discrimination on the bases of race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We prohibit any such discrimination or harassment. This policy applies to all terms and conditions of employment, including hiring.
Accommodations
Navan complies with the Americans with Disabilities Act (ADA), as amended by the ADA Amendments Act, and all applicable state or local law. Navan will reasonably accommodate qualified individuals with a disability in connection with applications for employment as required by law.
If you need any assistance or accommodations due to a disability, you are welcome to email us at talent-accommodations@navan.com.
Candidate Privacy Notice
Please review Navan's Candidate Privacy Notice here.
Job Search Best Practices
We have been made aware of recruitment scams involving fraudulent attempts
to lure job seekers into sending money or personal information in return
for fake job offers or coerce them into purchasing equipment by electronic
funds transfer (Zelle, Venmo, etc.) Legitimate Navan recruiters will never
ask for money in any recruitment or onboarding activities. All available job openings at Navan will be posted on Navan’s website and all Navan recruiters will be reachable through an email address ending in “@navan.com” or “@navan.tech”.