Senior Product Security Engineer
Palo Alto, CA, USA
Experience Level
Desired Skills
  • Proven experience performing threat modeling and architecture reviews for complex applications
  • Proven experience delivering critical org-wide product security initiatives
  • 6-8 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis
  • Ability to execute in multifaceted and highly technical organizations
  • Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software
  • Experience working in Agile development with experience in technologies such as:
      • Cloud environment (AWS, or similar)
      • Application security testing tools (SAST, DAST, IAST, SCA, or similar)
      • Infrastructure as code (Terraform, or similar)
      • Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular
      • Containers (Docker, Kubernetes, or similar)
      • Continuous integration (Jenkins, GitHub Actions, or similar)
      • Integration of security testing tools into CI pipelines
      • Defect tracking (Jira, or similar)
      • Source code management (GitHub, or similar)
  • In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods
  • Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world
  • Act as the tech lead for high-priority product security initiatives, and ensure timely delivery of impactful initiatives
  • Develop security best practices and controls for using cutting-edge technologies like OpenAI's ChatGPT
  • Be a key advisor to the overall strategy and roadmap of the Product Security Program
  • Participate in expanding/maturing the Navan S-SDLC program
  • Review product designs for security defects, perform threat modeling and recommend remediations
  • Work with engineers to identify the tradeoffs of different solutions and recommend the ideal design to meet security requirements
  • Design and develop security tools and processes to be leveraged by development teams
  • Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities
  • Assist in developing custom Security as Code solutions
  • Provide training, guidance, and assistance to development teams early in the SSDLC
  • Cultivate security ownership in the product teams
  • Bring visibility to product/application vulnerabilities in a consistent manner to enable appropriate prioritization and remediation
  • Help build the Red Team and PSIRT functions
Desired Qualifications
  • Published contributions to the security community are a plus
  • Deep understanding of browser security and modern JavaScript frameworks is a plus
  • Knowledge of compliance requirements for industry-standard certifications like PCI DSS, SOC2, HIPAA, and FedRAMP is a plus
  • Experience working in small teams and delivering outsized impact is a plus
Trip Actions

1,001-5,000 employees

Travel & expense management solution
  • Flexible vacation
  • Healthcare: medical, dental, & vision for you and your family
  • Commuter benefits
  • Parental leave
  • Health & wellness stipend
  • Pet friendly
  • 401k
  • IATAN: travel related discounts
  • Connectivity Allowance
  • Learning & development allowance
Company Core Values
  • Focus on Users
  • Tech-Forward Solutions
  • Lead with Context
  • Communicate with Candor
  • Raise the Bar
  • One Diverse Team