October 20
🇺🇸 United States – Remote
💵 $105k - $190k / year
⏰ Full Time
🟢 Junior
👮‍♂️ Security Engineer
🚫👨‍🎓 No degree required
• The Product Security Engineer will be responsible for securing Navan products.
• Identifying risks early in the SDLC and developing application security tooling & processes.
• Integrating security in the application development process, conducting security-related research and assessments.
• Performing feature penetration testing, and providing security analysis/design/training to the organization.
• Reporting to the Director of Product Security and Research and contributing to building and scaling an application security program.
• Proactively discovering security vulnerabilities, driving and advising risk remediation.
• Developing strong partnerships with engineering and product teams to accelerate the release of software with security by design.
• Identifying security issues within the product.
• Designing and developing security tools and processes to be leveraged by development teams.
• Working closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities.
• Assisting in developing custom Security as Code solutions.
• Participating in expanding/maturing the Navan S-SDLC program.
• Reviewing product designs for security defects, performing threat modeling and recommending remediations.
• Providing training, guidance, and assistance to development teams early in the SSDLC.
• Cultivating security ownership in the product teams.
• Bringing visibility to product/application vulnerabilities in a consistent manner to enable appropriate prioritization and remediation.
• Experience performing threat modeling and architecture reviews for complex applications.
• Proven experience performing application, cloud and mobile penetration testing in high-risk environments like financial or healthcare companies.
• 2-4 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis.
• Ability to execute in multifaceted and highly technical organizations.
• Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software.
• Experience working in Agile development with experience in technologies such as:
    • Application security testing tools (SAST, DAST, IAST, SCA, or similar)
    • Infrastructure as code (Terraform, or similar)
    • Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular
    • Containers (Docker, Kubernetes, or similar)
    • Continuous integration (Jenkins, GitHub Actions or similar)
    • Integration of security testing tools into CI pipelines
    • Defect tracking (Jira, or similar)
    • Source code management (GitHub, or similar)
• In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods.
• Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world.