Senior Security Engineer

Navan is a modern, dynamic SaaS company revolutionizing the way businesses manage travel and expenses. With offices around the world, we are committed to creating seamless and innovative solutions for our clients. Our team is dedicated to fostering a collaborative and inclusive environment where everyone's contributions are valued.

Role Overview

We are seeking a Senior Corporate Security Engineer to join our team. This role is integral to ensuring the security of our corporate environment across all devices, applications, and networks. The ideal candidate will have a deep understanding of enterprise IT security within a modern SaaS company and will be passionate about automating and scaling security processes. You will work on securing our corporate infrastructure, implementing cutting‑edge security solutions, and collaborating with various teams to enhance our overall security posture.

What You'll Do

• Manage Workforce IAM and Identity Governance : Lead the management and optimization of our Workforce IAM and Identity Governance systems, demonstrating deep, hands‑on knowledge across the entire Okta platform. You will be responsible for designing and enforcing granular authentication policies, managing the full lifecycle of application access through Okta Access Requests and Entitlements, and leveraging Okta Device Trust to establish a zero‑trust security posture for all corporate resources.
• Federate and Configure Application Access : Integrate a wide range of SaaS and custom applications into our identity platforms, Okta and Microsoft Entra ID, for single sign‑on. This requires a strong technical understanding of modern federation protocols including SAML 2.0, OpenID Connect, and SCIM for automated user provisioning.
• Secure Devices and Endpoints : Develop and implement comprehensive security strategies for a diverse fleet of corporate devices. This includes managing Windows endpoints with Microsoft Intune, macOS devices with Jamf, and ChromeOS devices via the Google Admin console, ensuring all endpoints are protected against unauthorized access and threats.
• Manage Endpoint Detection and Response (EDR) : Lead the deployment, administration, and tuning of our EDR platform, specifically the CrowdStrike Falcon suite. Your responsibilities will include leveraging products like Falcon Insight for incident investigation, Falcon Prevent for next‑gen antivirus, and proactive threat hunting to identify and neutralize advanced threats on corporate endpoints.
• Implement Zero Trust Network Access : Design and deploy Zero Trust security models to enhance network security and safeguard company resources.
• Deploy Data Loss Prevention Solutions : Implement DLP strategies focusing on protecting PII and PCI data within SaaS applications like Google Workspace, Salesforce, and Box.
• Enable Large‑Scale Endpoint Management : Oversee the deployment and maintenance of secure operating systems and platforms at scale. A key responsibility is to implement and manage a robust patch management strategy across all corporate operating systems (Windows, macOS, ChromeOS), ensuring timely remediation of vulnerabilities to reduce the company's attack surface.
• Orchestrate Security Posture Checks : Automate security checks for all new infrastructure deployments to ensure compliance with security standards.
• Implement Endpoint State Attestation : Deploy tooling, such as Microsoft Entra Conditional Access and Intune compliance policies, to continuously validate the security state of endpoints.
• Scale Proactive Security Controls : Extend security measures to new environments, including those acquired through mergers or acquisitions.
• Stay Current with Industry Trends : Keep abreast of the latest security threats, technologies, and trends to proactively address potential vulnerabilities.
• Develop Custom Security Solutions : Contribute to the development of custom and open‑source security tools tailored to our needs.

What We're Looking For

Technical Expertise :

Certifications :

Why Navan?

Pay Range

The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity. For roles with on‑target‑earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.

Pay Range : $127,500 USD – $230,000 USD

Seniority level

Employment type

Job function

Industries

#J-18808-Ljbffr