Easy Apply
Be an Early Applicant
Travel & expense made easy.
The Role
Lead incident response lifecycle across multi-cloud infrastructure: triage, containment, evidence capture, remediation, and post-incident analysis. Build SOAR automations with Tines, tune detections in CrowdStrike and SIEM, monitor data risks with Cyberhaven DLP, partner on secure architecture, evaluate emergent threats, and participate in on-call rotation.
Summary Generated by Built In
At Navan, you will serve as the technical lead for our incident response lifecycle, driving the containment and remediation of security threats across our multi-cloud infrastructure, products, and operational environments. You will balance hands-on technical investigations with the leadership required to coordinate response efforts, leveraging a modern security stack to protect our global travel and expense platform.
What You’ll Do:
- Incident Response Leadership: Act as the primary Incident Lead during high-severity events. Own the end-to-end response lifecycle: driving triage, containment, evidence capture, and post-incident root-cause analysis.
- Automation & SOAR Engineering: Use Tines to build and design workflows that automate triage, enrichment, and containment actions, significantly reducing operational toil and improving time-to-contain.
- Detection & Endpoint Monitoring: Manage and fine-tune detection rule lifecycles utilizing CrowdStrike EDR and SIEM/SOAR capabilities to maintain high-precision, low-latency coverage against modern adversary tradecraft.
- Data Protection & Visibility: Monitor and respond to data risks across endpoints, identity, and SaaS applications using Cyberhaven DLP. Identify gaps in IAM and vulnerability management and advocate for direct fixes.
- Architecture Partnership: Partner with infrastructure owners to ensure new systems ship across all cloud environments with the right telemetry, encryption, authentication, and response playbooks from day one.
- Emergent Threats: Evaluate and design response strategies for frontier security concerns, such as automated agents or bots operating across infrastructure at scale.
- On-Call Rotation: Actively participate in the scheduled Incident Response on-call rotation, ensuring reliable coverage and operational readiness for emergent threats.
What We’re Looking For:
- 5+ years of experience in a dedicated Incident Response, SOC, or Security Engineering role, with a proven track record of leading high-severity incident containment in fast-paced environments
- Strong familiarity with the MITRE ATT&CK framework, modern adversary tactics, techniques, and procedures (TTPs), and common attack vectors targeting SaaS platforms
- Proven experience managing and tuning detection logic within CrowdStrike Falcon (or equivalent enterprise EDR/XDR) and enterprise SIEM platforms.
- Excellent leadership skills with the ability to remain calm under pressure, coordinate cross-functional teams (Engineering, Legal, PR), and clearly communicate complex technical risks to stakeholders.
Skills Required
- 5+ years in Incident Response, SOC, or Security Engineering
- Proven experience leading high-severity incident containment and response
- Experience building automations and SOAR workflows using Tines
- Experience managing and tuning detection logic in CrowdStrike Falcon or equivalent EDR/XDR
- Experience with enterprise SIEM and SOAR platforms
- Familiarity with Cyberhaven DLP or equivalent data loss prevention tools
- Strong knowledge of MITRE ATT&CK framework and modern adversary TTPs
- Ability to coordinate cross-functional teams, communicate technical risks, and remain calm under pressure
- Willingness to participate in scheduled Incident Response on-call rotation
What the Team is Saying
Brian Guimond
Revenue Operations Analyst
Adamas Victória Cavalcante Robitz
Business Travel Consultant II
Bastian Martino
Manager, Travel Services
Charlotte Delafosse
Regional Director, Mid-Market Sales
Daniella Schuh
Mid-Market Account Executive
Alice Rao-Wyckoff
Senior Mid-Market Account Executive, Expense
Mily O Loughlin
Commercial Sales Development Representative
Anna
Regional Director, Enterprise Expense Sales
Roshni
Software Engineer
Henry Statfeld
Growth Account Executive
Jose Soares
Regional Director, Mid-Market Sales
Navan Compensation & Benefits Highlights
-
Fair & Transparent Compensation — Pay aligns with mid‑ to upper‑market in core engineering and GTM roles, with competitive cash, equity, and bonus plans. Defined pay bands and commission tiers provide clarity on how earnings are structured.
-
Leave & Time Off Breadth — Flexible/unlimited PTO is part of the package alongside paid parental leave durations for birthing and non‑birthing parents. Time‑off policies are positioned as broad and supportive across the company.
-
Wellbeing & Lifestyle Benefits — Travel‑centric perks (IATAN access and discounted personal travel) combine with connectivity/home‑office stipends, commuter benefits, in‑office meals/snacks, and pet insurance. Access to Headspace supports mental‑health resources.
Navan Insights
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Navan (Nasdaq: NAVN) is the leading all-in-one business travel, payments, and expense management platform that makes travel easy for frequent travelers. From finding flights and hotels to automating expense reconciliation, with 24/7 support along the way, Navan delivers an intuitive experience travelers love and finance teams rely on. See how Navan customers benefit and learn more at navan.com.
Why Work With Us
At Navan, we’re never satisfied with the status quo, and we know breakthrough ideas come from diverse perspectives. We are committed to cultivating a workplace that reflects the diversity of the customers we serve while fostering leadership and innovation.
Gallery
Navan Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
In-person connections is the foundation of Navan, the connections forged through face-to-face interactions improve company culture and what we can achieve together. We operate on a hybrid working model, which we define as four days a week in-office.
Typical time on-site:
4 days a week
.png)
