Navan is looking for a visionary Director of Security Engineering to lead the charge in protecting our customer-facing products and internal tools. As we pivot toward a future defined by AI-driven natural language interfaces, you will be the primary architect of a security strategy that balances rapid innovation with world-class defense-in-depth.
Reporting directly to the CISO, you will oversee two critical pillars of our defense: Product Security (S-SDLC, Threat Modeling, Pentesting) and Security Software Engineering (Core AuthN/AuthZ, Encryption Services). Your mission is to ensure that security is not a bottleneck, but a built-in feature of everything Navan builds.
What You’ll Do- Strategic Leadership: Own the overall strategy and roadmap for the Product Security and Security Engineering programs.
- Scale the Function: Develop and scale a "shift left" security culture by integrating automated security tooling and "Security as Code" solutions directly into the IDE / CI.
- Architect Core Services: Oversee the design and implementation of highly scalable security frameworks for authentication, authorization, and encryption, including cutting-edge transitions to Passkeys.
- AI & Emerging Tech: Secure the next generation of Navan products, specifically focusing on the security implications of LLM-integrated natural language interfaces and AI-driven workflows.
- Cross-Functional Partnership: Act as a key liaison between Security, Engineering, and Product teams to drive risk remediation and ensure "Security by Design".
- Team Building: Recruit, mentor, and manage high-performing teams, including the development of Red Team and PSIRT functions.
- Operational Excellence: Drive visibility into application vulnerabilities and technical debt, ensuring clear prioritization and pragmatic remediation.
- Experience: 12+ years in Security Engineering or Software Engineering, with at least 5 years in a senior leadership role managing technical teams.
- Technical Breadth: Deep expertise across the full stack, including Java Spring Framework, Cloud Infrastructure (AWS), and containerization.
- Identity & Access Specialist: In-depth knowledge of modern authentication (SAML, JWT, OIDC, Passkeys) and complex multi-tenant authorization frameworks.
- Security Domain Expertise: Proven track record in threat modeling, architecture reviews, and application penetration testing in high-risk environments (e.g., Fintech or Healthcare)
- Tooling Mastery: Hands-on experience with S-SDLC automation, including SAST, DAST, IAST, and SCA integration.
- Regulatory Knowledge: Familiarity with global compliance standards such as PCI DSS, SOC2, HIPAA, and FedRAMP.
- Communication & Influence: The ability to translate complex security risks into business impact for executive stakeholders while maintaining deep technical credibility with engineers.
Top Skills
What the Team is Saying
What We Do
Navan (Nasdaq: NAVN) is the leading all-in-one business travel, payments, and expense management platform that makes travel easy for frequent travelers. From finding flights and hotels to automating expense reconciliation, with 24/7 support along the way, Navan delivers an intuitive experience travelers love and finance teams rely on. See how Navan customers benefit and learn more at navan.com.
Why Work With Us
At Navan, we’re never satisfied with the status quo, and we know breakthrough ideas come from diverse perspectives. We are committed to cultivating a workplace that reflects the diversity of the customers we serve while fostering leadership and innovation.
Gallery
Navan Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
In-person connections is the foundation of Navan, the connections forged through face-to-face interactions improve company culture and what we can achieve together. We operate on a hybrid working model, which we define as four days a week in-office.
.png)
