Director, Product Security Engineering

Navan is looking for a visionary Director of Security Engineering to lead the charge in protecting our customer-facing products and internal tools. As we pivot toward a future defined by AI-driven natural language interfaces, you will be the primary architect of a security strategy that balances rapid innovation with world-class defense-in-depth.

Reporting directly to the CISO, you will oversee two critical pillars of our defense: Product Security (S-SDLC, Threat Modeling, Pentesting) and Security Software Engineering (Core AuthN/AuthZ, Encryption Services). Your mission is to ensure that security is not a bottleneck, but a built-in feature of everything Navan builds.

What You’ll Do

• Strategic Leadership: Own the overall strategy and roadmap for the Product Security and Security Engineering programs.
• Scale the Function: Develop and scale a "shift left" security culture by integrating automated security tooling and "Security as Code" solutions directly into the IDE / CI.
• Architect Core Services: Oversee the design and implementation of highly scalable security frameworks for authentication, authorization, and encryption, including cutting-edge transitions to Passkeys.
• AI & Emerging Tech: Secure the next generation of Navan products, specifically focusing on the security implications of LLM-integrated natural language interfaces and AI-driven workflows.
• Cross-Functional Partnership: Act as a key liaison between Security, Engineering, and Product teams to drive risk remediation and ensure "Security by Design".
• Team Building: Recruit, mentor, and manage high-performing teams, including the development of Red Team and PSIRT functions.
• Operational Excellence: Drive visibility into application vulnerabilities and technical debt, ensuring clear prioritization and pragmatic remediation.
  
  

What We’re Looking For

• Experience: 12 years in Security Engineering or Software Engineering, with at least 5 years in a senior leadership role managing technical teams.
• Technical Breadth: Deep expertise across the full stack, including Java Spring Framework, Cloud Infrastructure (AWS), and containerization.
• Identity & Access Specialist: In-depth knowledge of modern authentication (SAML, JWT, OIDC, Passkeys) and complex multi-tenant authorization frameworks.
• Security Domain Expertise: Proven track record in threat modeling, architecture reviews, and application penetration testing in high-risk environments (e.g., Fintech or Healthcare)
• Tooling Mastery: Hands-on experience with S-SDLC automation, including SAST, DAST, IAST, and SCA integration.
• Regulatory Knowledge: Familiarity with global compliance standards such as PCI DSS, SOC2, HIPAA, and FedRAMP.
• Communication & Influence: The ability to translate complex security risks into business impact for executive stakeholders while maintaining deep technical credibility with engineers.
  
  

The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity.For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.

Pay Range: $191,700 USD - $426,000 USD