Senior Product Security Engineer

Confirmed live in the last 24 hours

Locations

Palo Alto, CA, USA

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

AngularJS

Agile

AWS

Docker

JavaScript

Jenkins

JIRA

Git

HTML/CSS

Java

Terraform

Kubernetes

Requirements

Proven experience performing threat modeling and architecture reviews for complex applications
Proven experience delivering critical org-wide product security initiatives
6-8 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis
Ability to execute in multifaceted and highly technical organizations
Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software
Experience working in Agile development with experience in technologies such as:
Cloud environment (AWS, or similar)
Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
Infrastructure as code (Terraform, or similar)
Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular
Containers (Docker, Kubernetes, or similar)
Continuous integration (Jenkins, Github Actions or similar)
Integration of Security testing tools into CI pipelines
Defect tracking (Jira,or similar.)
Source code management (GitHub, or similar.)
In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods
Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world

Responsibilities

Act as the tech lead for high-priority product security initiatives, and ensure timely delivery of impactful initiatives
Working on developing security best practices and controls for using cutting edge technologies like Open AI's ChatGPT
Be a key advisor to the overall strategy and roadmap of the Product Security Program
Participate in expanding/maturing the Navan S-SDLC program
Review product designs for security defects, perform threat modeling and recommend remediations
Work with engineers to identify the tradeoffs of different solutions and recommend the ideal design to meet security requirements
Design and develop security tools and processes to be leveraged by development teams
Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities
Assist in developing custom Security as Code solutions
Provide training, guidance, and assistance to development teams early in the SSDLC
Cultivate security ownership in the product teams
Bring visibility to product/application vulnerabilities in a consistent manner to enable appropriate prioritization and remediation
Help build the Red Team and PSIRT functions

Desired Qualifications

Published contributions to the security community is a plus
Deep understanding of browser security and modern JavaScript frameworks is a plus
Knowledge of compliance requirements for industry-standard certifications like PCI DSS, SOC2, HIPAA, and FedRAMP is a plus
Experience working in small teams and delivering outsized impact is a plus

The Senior Product Security Engineer will be responsible for securing Navan products, by identifying risks early in the SDLC and developing application security tooling & processes to promote a ‘shift left’ security culture. You will be responsible for developing and scaling the product security function by integrating security in the application development process, conducting security-related research and assessments, developing custom automated security and anti-fraud solutions, and providing security analysis/design/training to the organization.

Reporting to the Director of Product Security and Research, you will contribute significantly to building and scaling an application security program. This position requires both advanced technical skills, strong communication skills, and the ability to influence people. You will be responsible for ensuring the continuous security of Navan customer-facing products and internal tools. You will focus on proactively discovering security vulnerabilities, driving and advising risk remediation based on research, and developing strong partnerships with engineering and product teams to accelerate the release of the software with security by design.

What You’ll Do:

Act as the tech lead for high-priority product security initiatives, and ensure timely delivery of impactful initiatives.
Working on developing security best practices and controls for using cutting edge technologies like Open AI’s ChatGPT.
Be a key advisor to the overall strategy and roadmap of the Product Security Program.
Participate in expanding/maturing the Navan S-SDLC program.
Review product designs for security defects, perform threat modeling and recommend remediations.
Work with engineers to identify the tradeoffs of different solutions and recommend the ideal design to meet security requirements.
Design and develop security tools and processes to be leveraged by development teams.
Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities.
Assist in developing custom Security as Code solutions.
Provide training, guidance, and assistance to development teams early in the SSDLC.
Cultivate security ownership in the product teams.
Bring visibility to product/application vulnerabilities in a consistent manner to enable appropriate prioritization and remediation.
Help build the Red Team and PSIRT functions.

What We’re Looking For:

Proven experience performing threat modeling and architecture reviews for complex applications.
Proven experience delivering critical org-wide product security initiatives.
6-8 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis.
Ability to execute in multifaceted and highly technical organizations.
Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software.
Experience working in Agile development with experience in technologies such as:

Cloud environment (AWS, or similar)
Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
Infrastructure as code (Terraform, or similar)
Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular
Containers (Docker, Kubernetes, or similar)
Continuous integration (Jenkins, Github Actions or similar)
Integration of Security testing tools into CI pipelines
Defect tracking (Jira,or similar.)
Source code management (GitHub, or similar.)

In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods.
Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world.
Published contributions to the security community is a plus.
Deep understanding of browser security and modern JavaScript frameworks is a plus.
Knowledge of compliance requirements for industry-standard certifications like PCI DSS, SOC2, HIPAA, and FedRAMP is a plus.
Experience working in small teams and delivering outsized impact is a plus.

The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity.

For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.

Pay Range

$127,500—$230,000 USD

1,001-5,000 employees

Website

Travel & expense management solution

Benefits

Flexible vacation
Healthcare: medical, dental, & visiion for you and your family
Commuter benefits
Parental leave
Health & wellness stipend
Pet friendly
401k
IATAN: travel related discounts
Connectivity Allowance
Learning & development allowance

Company Core Values

Focus on Users
Tech-Forward Solutions
Lead with Context
Communicate with Candor
Raise the Bar
One Diverse Team