Remote Senior Product Security Engineer

Summary

Join our team as a Senior Product Security Engineer and contribute to building and scaling an application security program by identifying risks early in the SDLC, developing security tooling & processes, and providing security analysis/design/training. You will be responsible for ensuring the continuous security of Navan customer-facing products and internal tools.

Requirements

• Proven experience performing threat modeling and architecture reviews for complex applications
• Proven experience delivering critical org-wide product security initiatives
• Proven experience performing application, cloud and mobile penetration testing in high risk environments like financial or healthcare companies
• 6-8 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis
• Ability to execute in multifaceted and highly technical organizations
• Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software
• Experience working in Agile development with experience in technologies such as: Cloud environment (AWS, or similar), Application security testing tools (SAST, DAST, IAST, SCA, or similar.), Infrastructure as code (Terraform, or similar)
• Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular
• Containers (Docker, Kubernetes, or similar)
• Continuous integration (Jenkins, Github Actions or similar)
• Integration of Security testing tools into CI pipelines
• Defect tracking (Jira,or similar.)
• Source code management (GitHub, or similar.)
• In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods
• Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world

Responsibilities

• Act as the tech lead for high-priority product security initiatives
• Ensure timely delivery of impactful initiatives
• Be a key advisor to the overall strategy and roadmap of the Product Security Program
• Participate in expanding/maturing the Navan S-SDLC program
• Review product designs for security defects, perform threat modeling and recommend remediations
• Work with engineers to identify the tradeoffs of different solutions and recommend the ideal design to meet security requirements
• Design and develop security tools and processes to be leveraged by development teams
• Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities
• Assist in developing custom Security as Code solutions
• Provide training, guidance, and assistance to development teams early in the SSDLC
• Cultivate security ownership in the product teams
• Bring visibility to product/application vulnerabilities in a consistent manner to enable appropriate prioritization and remediation
• Help build the Red Team and PSIRT functions