Posted 2mo ago

Director, Product Security Engineering

@ Navan
Dallas or Palo Alto
Onsite, Full Time
Responsibilities: Strategic leadership, Scale security, Architect services
Requirements Summary: 12+ years in Security Engineering or Software Engineering; 5+ years in a senior leadership role; strong full-stack skills (Java/Spring, AWS, containers); expertise in modern authentication and multi-tenant authorization; experience with S-SDLC, threat modeling, pentesting; knowledge of PCI DSS, SOC2, HIPAA, FedRAMP; ability to communicate security risk to executives.
Technical Tools Mentioned: Java, Spring Framework, AWS, Docker, Kubernetes, SAML, JWT, OIDC, Passkeys, SAST, DAST, IAST, SCA, PCI DSS, SOC2, HIPAA, FedRAMP
Job Description

Navan is looking for a visionary Director of Security Engineering to lead the charge in protecting our customer-facing products and internal tools. As we pivot toward a future defined by AI-driven natural language interfaces, you will be the primary architect of a security strategy that balances rapid innovation with world-class defense-in-depth.

Reporting directly to the CISO, you will oversee two critical pillars of our defense: Product Security (S-SDLC, Threat Modeling, Pentesting) and Security Software Engineering (Core AuthN/AuthZ, Encryption Services). Your mission is to ensure that security is not a bottleneck, but a built-in feature of everything Navan builds.

What You’ll Do

  • Strategic Leadership: Own the overall strategy and roadmap for the Product Security and Security Engineering programs.
  • Scale the Function: Develop and scale a "shift left" security culture by integrating automated security tooling and "Security as Code" solutions directly into the IDE / CI.
  • Architect Core Services: Oversee the design and implementation of highly scalable security frameworks for authentication, authorization, and encryption, including cutting-edge transitions to Passkeys.
  • AI & Emerging Tech: Secure the next generation of Navan products, specifically focusing on the security implications of LLM-integrated natural language interfaces and AI-driven workflows.
  • Cross-Functional Partnership: Act as a key liaison between Security, Engineering, and Product teams to drive risk remediation and ensure "Security by Design".
  • Team Building: Recruit, mentor, and manage high-performing teams, including the development of Red Team and PSIRT functions.
  • Operational Excellence: Drive visibility into application vulnerabilities and technical debt, ensuring clear prioritization and pragmatic remediation.

What We’re Looking For

  • Experience: 12+ years in Security Engineering or Software Engineering, with at least 5 years in a senior leadership role managing technical teams.
  • Technical Breadth: Deep expertise across the full stack, including Java Spring Framework, Cloud Infrastructure (AWS), and containerization.
  • Identity & Access Specialist: In-depth knowledge of modern authentication (SAML, JWT, OIDC, Passkeys) and complex multi-tenant authorization frameworks.
  • Security Domain Expertise: Proven track record in threat modeling, architecture reviews, and application penetration testing in high-risk environments (e.g., Fintech or Healthcare).
  • Tooling Mastery: Hands-on experience with S-SDLC automation, including SAST, DAST, IAST, and SCA integration.
  • Regulatory Knowledge: Familiarity with global compliance standards such as PCI DSS, SOC2, HIPAA, and FedRAMP.
  • Communication & Influence: The ability to translate complex security risks into business impact for executive stakeholders while maintaining deep technical credibility with engineers.