Navan

Staff Product Security Engineer

Navan$135K — $300K *
Palo Alto, CA 94303In-Person
Information Technology
11 - 15 years of experience
Reposted Today
Be an Early Applicant
Job Overview by Ladders

Qualifications

  • 12+ years in Security Engineering or Software Engineering
  • 5+ years in senior leadership managing technical teams
  • Experience with Java Spring Framework and AWS Cloud Infrastructure
  • Expertise in modern authentication and authorization frameworks
  • Strong background in threat modeling and application penetration testing
  • Hands-on with S-SDLC automation and security tooling
  • Familiarity with compliance standards like PCI DSS and SOC2

Responsibilities

  • Own the strategy and roadmap for Product Security and Security Engineering
  • Develop a culture of 'shift left' security with automated tooling
  • Oversee the design of scalable authentication, authorization, and encryption services
  • Secure AI-driven product features and LLM integrations
  • Liaise between Security, Engineering, and Product teams for risk remediation
  • Recruit and mentor high-performing security teams
  • Drive application vulnerability visibility and remediation planning

Benefits

  • Opportunities for professional development and team building
  • Work with cutting-edge technology in a rapidly evolving field
  • Direct reporting relationship to the CISO, impacting company-wide security strategy
  • Integrate security deeply into product development processes
  • Lead and shape the culture of security within an innovative organization
Full Job Description
The Staff Product Security Engineer will be responsible for securing Navan products, by identifying risks early in the SDLC and developing application security tooling & processes to promote a 'shift left' security culture. You will be responsible for defining and scaling the product security function by integrating security in the application development process, conducting security-related research and assessments, developing custom automated security and anti-fraud solutions, and providing security analysis/design/training to the organization.

Reporting to the Director of Product Security and Security Engineering, you will lead the building and scaling of an application security program. This position requires advanced technical leadership, strong communication skills, and the ability to influence people at all levels of the organization. You will be responsible for ensuring the continuous security of Navan customer-facing products and internal tools. You will focus on proactively discovering security vulnerabilities, driving and advising risk remediation based on research, and developing strong strategic partnerships with engineering and product leadership to accelerate the release of software with security by design.
What You'll Do
  • Serve as the primary architectural lead for high-priority product security initiatives, ensuring the strategic alignment and timely delivery of impactful programs.
  • Be a key advisor to the overall strategy and roadmap of the Product Security Program.
  • Drive the expansion and maturation of the Navan S-SDLC program across the organization.
  • Review product designs for security defects, perform threat modeling and recommend remediations.
  • Work with engineers to identify the tradeoffs of different solutions and recommend the ideal design to meet security requirements.
  • Design and develop security tools and processes to be leveraged by development teams.
  • Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities.
  • Lead the definition and development of custom Security as Code solutions.
  • Provide training, guidance, and assistance to development teams early in the SSDLC.
  • Cultivate security ownership in the product teams.
  • Bring visibility to product/application vulnerabilities in a consistent manner to enable appropriate prioritization and remediation.
  • Help build the Red Team and PSIRT functions.
What We're Looking For
  • Proven experience performing threat modeling and architecture reviews for complex applications.
  • Proven experience delivering critical org-wide product security initiatives.
  • Proven experience performing application, cloud and mobile penetration testing in high risk environments like financial or healthcare companies.
  • 8-10+ years of Technical Product Security experience with a proven track record of system-wide impact in SSDLC tooling, automation, and threat modeling/attack surface analysis.
  • Proven ability to mentor junior engineers and lead cross-functional initiatives in multifaceted and highly technical organizations.
  • Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software.
  • Experience working in Agile development with experience in technologies such as:
    • Cloud environment (AWS, or similar)
    • Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
    • Infrastructure as code (Terraform, or similar)
    • Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular
    • Containers (Docker, Kubernetes, or similar)
    • Continuous integration (Jenkins, Github Actions or similar)
    • Integration of Security testing tools into CI pipelines
    • Defect tracking (Jira,or similar.)
    • Source code management (GitHub, or similar.)
    • In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods.
    • Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world.


The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate's starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate's skills and experience, market demands, and internal parity.

For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.

Pay Range

$135,000-$300,000 USD

About Navan

Navan is a mining company that focuses on the exploration and development of mineral properties. The company was founded in 2019 and is headquartered in Vancouver, Canada. Navan's primary focus is on the exploration and development of gold and silver properties in North America. The company's management team has extensive experience in the mining industry, and is committed to responsible and sustainable mining practices. Navan is a publicly traded company, and its shares are listed on the Canadian Securities Exchange.
Learn more about Navan
Size
10 employees
Industry
Manufacturing & Automotive
Founded
2015
* Ladders Estimates

Similar Jobs

Ad banner background

Get Ready For Your
Next Interview

More Jobs at Navan

More Information Technology Jobs

Find similar Staff Product Security Engineer jobs:

NationwidePalo Alto, CA