Base Salary
$135k - $300k/yr
Responsibilities
- Serve as the primary architectural lead for high-priority product security initiatives.
- Advise on the overall strategy and roadmap of the Product Security Program.
- Drive the expansion and maturation of the Navan S-SDLC program.
- Review product designs for security defects and perform threat modeling.
- Work with engineers to identify tradeoffs and recommend ideal security designs.
- Design and develop security tools and processes for development teams.
- Sustain processes and convert manual integrations to automated activities.
- Lead the development of custom Security as Code solutions.
- Provide training and guidance to development teams early in the SSDLC.
- Cultivate security ownership within product teams.
- Bring visibility to product/application vulnerabilities for prioritization and remediation.
- Help build the Red Team and PSIRT functions.
Requirements
- Proven experience in threat modeling and architecture reviews for complex applications.
- Experience delivering critical org-wide product security initiatives.
- Experience in application, cloud, and mobile penetration testing in high-risk environments.
- 8-10+ years of Technical Product Security experience with a track record of impact in SSDLC tooling and automation.
- Ability to mentor junior engineers and lead cross-functional initiatives.
- Ability to give pragmatic security advice for web, mobile, and cloud applications.
- Experience in Agile development and technologies such as AWS, application security testing tools, and infrastructure as code.
- In-depth knowledge of application and network protocols, cryptographic primitives, and common security threats.
- Deep knowledge of cloud operational models and secure SaaS architecture.