Staff Product Security Engineer
Navan (fka TripActions)
Job highlights
Summary
Join Navan as a Staff Product Security Engineer and play a key role in securing our products by identifying and mitigating risks throughout the software development lifecycle (SDLC). You will develop and scale our product security function, integrating security into the application development process, conducting security research and assessments, and creating custom automated security solutions. This position requires advanced technical skills, strong communication, and the ability to influence others. You will collaborate with engineering and product teams to ensure the continuous security of Navan's customer-facing products and internal tools, proactively identifying vulnerabilities and driving risk remediation. You will also contribute to building and scaling our application security program. The role reports to the Director of Product Security and Research.
Requirements
- Proven experience performing threat modeling and architecture reviews for complex applications
- Proven experience delivering critical org-wide product security initiatives
- Proven experience performing application, cloud and mobile penetration testing in high risk environments like financial or healthcare companies
- 8-10 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis
- Ability to execute in multifaceted and highly technical organizations
- Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software
- Experience working in Agile development with experience in technologies such as: Cloud environment (AWS, or similar)
- Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
- Infrastructure as code (Terraform, or similar)
- Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular
- Containers (Docker, Kubernetes, or similar)
- Continuous integration (Jenkins, Github Actions or similar)
- Integration of Security testing tools into CI pipelines
- Defect tracking (Jira,or similar.)
- Source code management (GitHub, or similar.)
- In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods
- Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world
Responsibilities
- Act as the tech lead for high-priority product security initiatives, and ensure timely delivery of impactful initiatives
- Be a key advisor to the overall strategy and roadmap of the Product Security Program
- Drive key initiatives like Supply Chain Security, Authentication, and Authorization improvements
- Participate in expanding/maturing the Navan S-SDLC program
- Review product designs for security defects, perform threat modeling and recommend remediations
- Work with engineers to identify the tradeoffs of different solutions and recommend the ideal design to meet security requirements
- Design and develop security tools and processes to be leveraged by development teams
- Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities
- Assist in developing custom Security as Code solutions
- Provide training, guidance, and assistance to development teams early in the SSDLC
- Cultivate security ownership in the product teams
- Bring visibility to product/application vulnerabilities in a consistent manner to enable appropriate prioritization and remediation
- Help build the Red Team and PSIRT functions
Preferred Qualifications
- Published contributions to the security community
- Deep understanding of browser security and modern JavaScript frameworks
- Knowledge of compliance requirements for industry-standard certifications like PCI DSS, SOC2, HIPAA, and FedRAMP
- Experience working in small teams and delivering outsized impact
Benefits
Pay Range $150,000 β $265,000 USD
Share this job:
Similar Remote Jobs
- π°$137k-$270kπUnited States
- π°$137k-$270kπUnited States
- π°$65kπSlovakia
- π°$200k-$275kπUnited States
- π°$200k-$275kπUnited States
- π°$147k-$263kπUnited States
- π°$154k-$241kπCanada
- π°$154k-$241kπCanada
- π°$120k-$253kπUnited States, Canada