Navan · 5 hours ago
Product Security Engineer
United States
Full-time
Remote
Entry, Mid Level
$105K/yr - $190K/yr
2+ years exp
Maximize your interview chancesBusiness TravelFinancial Services
Insider Connection @Navan
Get 3x more responses when you reach out via email instead of LinkedIn.
Responsibilities
Identifying security issues within the product.
Design and develop security tools and processes to be leveraged by development teams.
Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities.
Assist in developing custom Security as Code solutions.
Participate in expanding/maturing the Navan S-SDLC program.
Review product designs for security defects, perform threat modeling and recommend remediations.
Provide training, guidance, and assistance to development teams early in the SSDLC.
Cultivate security ownership in the product teams.
Bring visibility to product/application vulnerabilities in a consistent manner to enable appropriate prioritization and remediation.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
Experience performing threat modeling and architecture reviews for complex applications.
Proven experience performing application, cloud and mobile penetration testing in high risk environments like financial or healthcare companies.
2-4 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis.
Ability to execute in multifaceted and highly technical organizations.
Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software.
Experience working in Agile development with experience in technologies such as:
Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
Infrastructure as code (Terraform, or similar)
Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular
Containers (Docker, Kubernetes, or similar)
Continuous integration (Jenkins, Github Actions or similar)
Integration of Security testing tools into CI pipelines
Defect tracking (Jira, or similar.)
Source code management (GitHub, or similar.)
In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods.
Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world.
Preferred
Published contributions to the security community.
Deep understanding of browser security and modern JavaScript frameworks.
Company
Navan
Navan provides travel, expense, and corporate card management to automate manual processes and drive spend visibility.
1,001-5,000 employees
H1B Sponsorship
Navan has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2023 (36)
Funding
Current Stage
Late StageTotal Funding
$2.24BKey Investors
Goldman Sachs Bank USACoatueGreenoaks
2022-12-08Debt Financing· $400M
2022-10-12Series G· $154M
2022-10-12Debt Financing· $150M
Leadership Team
Ariel Cohen
CEO and Co-Founder
Thomas Tuchscherer
Chief Financial Officer
Recent News
Company data provided by crunchbase
