Senior Product Security Engineer

October 20

Apply Now

Receive Emails with Similar Jobs

Navan

WebsiteLinkedInAll Job Openings

1001 - 5000

Description

• The Senior Product Security Engineer will be responsible for securing Navan products, by identifying risks early in the SDLC and developing application security tooling & processes to promote a ‘shift left’ security culture. • You will be responsible for developing and scaling the product security function by integrating security in the application development process, conducting security-related research and assessments, developing custom automated security and anti-fraud solutions, and providing security analysis/design/training to the organization. • Reporting to the Director of Product Security and Research, you will contribute significantly to building and scaling an application security program. • This position requires both advanced technical skills, strong communication skills, and the ability to influence people. • You will be responsible for ensuring the continuous security of Navan customer-facing products and internal tools. • You will focus on proactively discovering security vulnerabilities, driving and advising risk remediation based on research, and developing strong partnerships with engineering and product teams to accelerate the release of the software with security by design. • Act as the tech lead for high-priority product security initiatives, and ensure timely delivery of impactful initiatives. • Be a key advisor to the overall strategy and roadmap of the Product Security Program.

Requirements

• Proven experience performing threat modeling and architecture reviews for complex applications. • Proven experience delivering critical org-wide product security initiatives. • Proven experience performing application, cloud and mobile penetration testing in high risk environments like financial or healthcare companies. • 6-8 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis. • Ability to execute in multifaceted and highly technical organizations. • Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software. • Experience working in Agile development with experience in technologies such as: • Cloud environment (AWS, or similar) • Application security testing tools (SAST, DAST, IAST, SCA, or similar.) • Infrastructure as code (Terraform, or similar) • Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular • Containers (Docker, Kubernetes, or similar) • Continuous integration (Jenkins, Github Actions or similar) • Integration of Security testing tools into CI pipelines • Defect tracking (Jira,or similar.) • Source code management (GitHub, or similar.) • In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods. • Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world.