Demo

Sr. Product Security Engineer

Navan
Palo Alto, CA Full Time
POSTED ON 3/18/2026
AVAILABLE BEFORE 7/15/2026
The Senior Product Security Engineer will be responsible for securing Navan products, by identifying risks early in the SDLC and developing application security tooling & processes to promote a ‘shift left’ security culture. You will be responsible for developing and scaling the product security function by integrating security in the application development process, conducting security-related research and assessments, developing custom automated security and anti-fraud solutions, and providing security analysis/design/training to the organization.

Reporting to the senior Director of Product Security and Trust, you will contribute significantly to building and scaling an application security program. This position requires both advanced technical skills, strong communication skills, and the ability to influence people. You will be responsible for ensuring the continuous security of Navan customer-facing products and internal tools. You will focus on proactively discovering security vulnerabilities, driving and advising risk remediation based on research, and developing strong partnerships with engineering and product teams to accelerate the release of the software with security by design.

What You’ll Do

  • Act as the tech lead for high-priority product security initiatives, and ensure timely delivery of impactful initiatives.
  • Be a key advisor to the overall strategy and roadmap of the Product Security Program.
  • Participate in expanding/maturing the Navan S-SDLC program.
  • Review product designs for security defects, perform threat modeling and recommend remediations.
  • Work with engineers to identify the tradeoffs of different solutions and recommend the ideal design to meet security requirements.
  • Design and develop security tools and processes to be leveraged by development teams.
  • Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities.
  • Assist in developing custom Security as Code solutions.
  • Provide training, guidance, and assistance to development teams early in the SSDLC.
  • Cultivate security ownership in the product teams.
  • Bring visibility to product/application vulnerabilities in a consistent manner to enable appropriate prioritization and remediation.
  • Help build the Red Team and PSIRT functions.

What We’re Looking For

  • Proven experience performing threat modeling and architecture reviews for complex applications.
  • Proven experience delivering critical org-wide product security initiatives.
  • Proven experience performing application, cloud and mobile penetration testing in high risk environments like financial or healthcare companies.
  • 6-8 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis.
  • Ability to execute in multifaceted and highly technical organizations.
  • Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software.
  • Experience working in Agile development with experience in technologies such as:
    • Cloud environment (AWS, or similar)
    • Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
    • Infrastructure as code (Terraform, or similar)
    • Java Spring Framework (3 years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular
    • Containers (Docker, Kubernetes, or similar)
    • Continuous integration (Jenkins, Github Actions or similar)
    • Integration of Security testing tools into CI pipelines
    • Defect tracking (Jira,or similar.)
    • Source code management (GitHub, or similar.)
  • In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods.
  • Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world.
Good To Have

  • Published contributions to the security community.
  • Deep understanding of browser security and modern JavaScript frameworks.
  • Knowledge of compliance requirements for industry-standard certifications like PCI DSS, SOC2, HIPAA, and FedRAMP.
  • Experience working in small teams and delivering outsized impact.

The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity.For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.

Pay Range: $127,500 USD - $230,000 USD

Salary : $127,500 - $230,000

If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a Sr. Product Security Engineer?

Sign up to receive alerts about other jobs on the Sr. Product Security Engineer career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$105,225 - $134,937
Income Estimation: 
$126,015 - $168,198
Income Estimation: 
$126,033 - $165,110
Income Estimation: 
$120,936 - $155,014
Income Estimation: 
$131,745 - $167,716
Income Estimation: 
$144,503 - $184,592
Income Estimation: 
$102,541 - $137,871
Income Estimation: 
$153,752 - $200,235
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Navan

Senior Business Systems Analyst
Apply
  • Navan Austin, TX
  • As a Senior Business Systems Analyst specializing in NetSuite at Navan, you’ll serve as our primary expert and technical lead for our global NetSuite envir... more
  • 9 Days Ago
Manager, IT Systems Engineering
Apply
  • Navan San Francisco, CA
  • We are seeking an experienced and strategic Manager, IT Systems Engineering to lead our core IT Systems teams, specifically overseeing the Application Syst... more
  • 9 Days Ago
Integrations Manager
Apply
  • Navan York, NY
  • We’re looking for an Integrations Manager to help scale the future of Navan’s integrations and ensure our customers realize the full value of our platform.... more
  • 10 Days Ago
Senior Revenue Analyst
Apply
  • Navan Dallas, TX
  • We are seeking a Senior Revenue Analyst to join our revenue accounting team for the Navan Expense product. This individual will own crucial month-end close... more
  • 10 Days Ago
View More Jobs at Navan

Not the job you're looking for? Here are some other Sr. Product Security Engineer jobs in the Palo Alto, CA area that may be a better fit.

Sr. Product Security Engineer
Apply
  • Illumio San Jose, CA
  • Onwards Together! Illumio is the leader in ransomware and breach containment, redefining how organizations contain cyberattacks and enable operational resi... more
  • 10 Days Ago
Sr Product Marketing Manager - Partner
Apply
  • Obsidian Security Palo Alto, CA
  • Founded in 2017, Obsidian Security was created to close a critical gap: securing the SaaS applications where modern business happens—platforms like Microso... more
  • 2 Days Ago
View More Jobs

AI Assistant is available now!

Feel free to start your new journey!