Remote Product Security Engineer

Summary

Join our team as a Product Security Engineer and contribute to securing Navan products by identifying risks early in the SDLC and developing application security tooling & processes. You will be responsible for integrating security in the application development process, conducting security-related research and assessments, performing feature penetration testing, and providing security analysis/design/training to the organization.

Requirements

• Experience performing threat modeling and architecture reviews for complex applications
• Proven experience performing application, cloud and mobile penetration testing in high risk environments like financial or healthcare companies
• 2-4 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis
• Ability to execute in multifaceted and highly technical organizations
• Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software
• Experience working in Agile development with experience in technologies such as: Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
• Infrastructure as code (Terraform, or similar)
• Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular
• Containers (Docker, Kubernetes, or similar)
• Continuous integration (Jenkins, Github Actions or similar)
• Integration of Security testing tools into CI pipelines
• Defect tracking (Jira,or similar.)
• Source code management (GitHub, or similar.)
• In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods
• Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world

Responsibilities

• Identifying security issues within the product
• Design and develop security tools and processes to be leveraged by development teams
• Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities
• Assist in developing custom Security as Code solutions
• Participate in expanding/maturing the Navan S-SDLC program
• Review product designs for security defects, perform threat modeling and recommend remediations
• Provide training, guidance, and assistance to development teams early in the SSDLC
• Cultivate security ownership in the product teams
• Bring visibility to product/application vulnerabilities in a consistent manner to enable appropriate prioritization and remediation

Benefits

$105,000 — $190,000 USD