Navan Inc
Get started Navan Travel is free* — no platform fees
Location: Palo Alto, CA or San Francisco, CA
We are seeking a Senior Corporate Security Engineer to join our team. This role is integral to ensuring the security of our corporate environment across all devices, applications, and networks. The ideal candidate will have a deep understanding of enterprise IT security within a modern SaaS company and will be passionate about automating and scaling security processes. You will work on securing our corporate infrastructure, implementing cutting-edge security solutions, and collaborating with various teams to enhance our overall security posture.
What You'll Do
Manage Workforce IAM and Identity Governance:
Lead the management and optimization of our Workforce IAM and Identity Governance systems, demonstrating deep, hands-on knowledge across the entire Okta platform. You will be responsible for designing and enforcing granular authentication policies, managing the full lifecycle of application access through Okta Access Requests and Entitlements, and leveraging Okta Device Trust to establish a zero-trust security posture for all corporate resources. Federate and Configure Application Access:
Integrate a wide range of SaaS and custom applications into our identity platforms, Okta and Microsoft Entra ID, for single sign-on. This requires a strong technical understanding of modern federation protocols including SAML 2.0, OpenID Connect, and SCIM for automated user provisioning. Secure Devices and Endpoints:
Develop and implement comprehensive security strategies for a diverse fleet of corporate devices. This includes managing Windows endpoints with Microsoft Intune, macOS devices with Jamf, and ChromeOS devices via the Google Admin console, ensuring all endpoints are protected against unauthorized access and threats. Manage Endpoint Detection and Response (EDR):
Lead the deployment, administration, and tuning of our EDR platform, specifically the CrowdStrike Falcon suite. Your responsibilities will include leveraging products like Falcon Insight for incident investigation, Falcon Prevent for next-gen antivirus, and proactive threat hunting to identify and neutralize advanced threats on corporate endpoints. Implement Zero Trust Network Access:
Design and deploy Zero Trust security models to enhance network security and safeguard company resources. Deploy Data Loss Prevention Solutions:
Implement DLP strategies focusing on protecting PII and PCI data within SaaS applications like Google Workspace, Salesforce, and Box. Enable Large-Scale Endpoint Management:
Oversee the deployment and maintenance of secure operating systems and platforms at scale. A key responsibility is to implement and manage a robust patch management strategy across all corporate operating systems (Windows, macOS, ChromeOS), ensuring timely remediation of vulnerabilities to reduce the company's attack surface. Orchestrate Security Posture Checks : Automate security checks for all new infrastructure deployments to ensure compliance with security standards. Implement Endpoint State Attestation:
Deploy tooling, such as Microsoft Entra Conditional Access and Intune compliance policies, to continuously validate the security state of endpoints. Scale Proactive Security Controls:
Extend security measures to new environments, including those acquired through mergers or acquisitions. Stay Current with Industry Trends:
Keep abreast of the latest security threats, technologies, and trends to proactively address potential vulnerabilities. Develop Custom Security Solutions:
Contribute to the development of custom and open-source security tools tailored to our needs. What We're Looking For
Experience: Minimum of 5 years of experience in corporate security engineering within a SaaS or similar environment. Technical Expertise: Expert-level proficiency with the Okta platform for workforce Identity and Access Management (SSO, MFA, IGA). Okta Certification is a strong plus. Demonstrated experience designing and implementing complex access management automation and workflows, with a strong preference for candidates skilled in Okta Access Requests and Okta Workflows. Strong knowledge of securing devices and endpoints, including hands-on experience with Mobile Device Management platforms like Microsoft Intune. Familiarity with Microsoft Entra ID in hybrid or multi-cloud environments. Experience with securing Google Workspace and Microsoft 365/Enterprise Suite. Hands-on experience implementing an enterprise zero trust network access solution such as ZScaler is a strong plus. Understanding of Zero Trust Network Access models. Experience with infrastructure management tools (Puppet, Chef, Ansible, Terraform). Knowledge of Data Loss Prevention strategies in SaaS applications. Experience with vulnerability management tools and methodologies. Automation Mindset: Passion for automating processes to improve efficiency and scalability. Communication Skills: Ability to effectively communicate complex security concepts to technical and non-technical stakeholders, including collaboration with the physical security team. Problem-Solving Abilities: Demonstrated ability to identify security risks and develop effective mitigation strategies. Certifications: Highly Desirable: Okta Certified Professional or Higher, Microsoft Security Certifications Nice to Have: CISSP, CISM, or similar security certifications. Education: Bachelor's degree in Computer Science, Information Security, or a related field preferred. Pay Range $127,500 — $230,000 USD Navan is the leading all-in-one business travel and expense management solution that makes travel easy for frequent travelers. From finding flights and hotels, to automating expense reconciliation, with 24/7 support along the way, Navan delivers an intuitive experience travelers love and finance teams rely on. See how Navan customers benefit and learn more at navan.com . Navan’s investors include visionaries like Andreessen Horowitz, Lightspeed Ventures, Greenoaks, Zeev Ventures, and entrepreneurs Lee Fixel, Adam Bain, and Elad Gil. Valued at $9.2B, Navan is well-positioned for continued growth as it continues its takeover of the travel and expense market. In April 2023, Navan expanded in the Indian market with the acquisition of Tripeur, a modern, people-centric corporate travel and expense management company. The group’s fifth acquisition in under two years, Tripeur joined the Navan Group alongside Spanish meetings and events specialists, Atlanta Events & Corporate Travel Consultants; Berlin-based modern travel management company, Comtravo; leading Scandinavian travel agency Resia AB; and London-based high-touch TMC, Reed & Mackay — the latter of which remains a standalone brand. At Navan, we’re never satisfied with the status quo, and we know breakthrough ideas come from diverse perspectives. We are committed to cultivating a workplace that reflects the diversity of the customers we serve while fostering leadership and innovation. All voices are valued here and you’ll have the resources, tools, and training you’ll need to do the best work of your life. Navan provides a comprehensive benefits package tailored to support your well-being and financial security. Our offerings include generous medical plans, dental, and vision benefits with premiums covered by Navan, as well as various insurance options designed to cover each family's needs. We also prioritize your holistic wellness with perks like paid parental and bereavement leave, subsidized commuter benefits, mental health support, connectivity stipends, and even pet insurance. Workplace Policy Navan believes in the value of in-person connections, whether that is sitting down to have lunch with one another, taking a walking 1:1, or collaborating in a room together. The connections forged through face-to-face interactions improve company culture and drive business results. Navan invests in global office spaces — in the U.S., Europe, and Asia, among others — that feel welcoming. Perks such as lunches and happy hours create a strong team environment to help you do your best work. We prioritize in-person connections and operate on a four-day-in-office work model. Please expect this policy for all roles that are tied to an office. Navan is an equal opportunity employer. We make all employment decisions based solely on merit. We provide equal employment opportunity to all applicants and employees without discrimination on the bases of race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We prohibit any such discrimination or harassment. This policy applies to all terms and conditions of employment, including hiring. Accommodations Navan complies with the Americans with Disabilities Act (ADA), as amended by the ADA Amendments Act, and all applicable state or local law. Navan will reasonably accommodate qualified individuals with a disability in connection with applications for employment as required by law. Please review Navan's Candidate Privacy Notice here . Job Search Best Practices We have been made aware of recruitment scams involving fraudulent attempts to lure job seekers into sending money or personal information in return for fake job offers or coerce them into purchasing equipment by electronic funds transfer (Zelle, Venmo, etc.) Legitimate Navan recruiters will never ask for money in any recruitment or onboarding activities. All available job openings at Navan will be posted on Navan’s website and all Navan recruiters will be reachable through an email address ending in “@navan.com” or “@navan.tech” or "@talent.navan.com".
#J-18808-Ljbffr
Manage Workforce IAM and Identity Governance:
Lead the management and optimization of our Workforce IAM and Identity Governance systems, demonstrating deep, hands-on knowledge across the entire Okta platform. You will be responsible for designing and enforcing granular authentication policies, managing the full lifecycle of application access through Okta Access Requests and Entitlements, and leveraging Okta Device Trust to establish a zero-trust security posture for all corporate resources. Federate and Configure Application Access:
Integrate a wide range of SaaS and custom applications into our identity platforms, Okta and Microsoft Entra ID, for single sign-on. This requires a strong technical understanding of modern federation protocols including SAML 2.0, OpenID Connect, and SCIM for automated user provisioning. Secure Devices and Endpoints:
Develop and implement comprehensive security strategies for a diverse fleet of corporate devices. This includes managing Windows endpoints with Microsoft Intune, macOS devices with Jamf, and ChromeOS devices via the Google Admin console, ensuring all endpoints are protected against unauthorized access and threats. Manage Endpoint Detection and Response (EDR):
Lead the deployment, administration, and tuning of our EDR platform, specifically the CrowdStrike Falcon suite. Your responsibilities will include leveraging products like Falcon Insight for incident investigation, Falcon Prevent for next-gen antivirus, and proactive threat hunting to identify and neutralize advanced threats on corporate endpoints. Implement Zero Trust Network Access:
Design and deploy Zero Trust security models to enhance network security and safeguard company resources. Deploy Data Loss Prevention Solutions:
Implement DLP strategies focusing on protecting PII and PCI data within SaaS applications like Google Workspace, Salesforce, and Box. Enable Large-Scale Endpoint Management:
Oversee the deployment and maintenance of secure operating systems and platforms at scale. A key responsibility is to implement and manage a robust patch management strategy across all corporate operating systems (Windows, macOS, ChromeOS), ensuring timely remediation of vulnerabilities to reduce the company's attack surface. Orchestrate Security Posture Checks : Automate security checks for all new infrastructure deployments to ensure compliance with security standards. Implement Endpoint State Attestation:
Deploy tooling, such as Microsoft Entra Conditional Access and Intune compliance policies, to continuously validate the security state of endpoints. Scale Proactive Security Controls:
Extend security measures to new environments, including those acquired through mergers or acquisitions. Stay Current with Industry Trends:
Keep abreast of the latest security threats, technologies, and trends to proactively address potential vulnerabilities. Develop Custom Security Solutions:
Contribute to the development of custom and open-source security tools tailored to our needs. What We're Looking For
Experience: Minimum of 5 years of experience in corporate security engineering within a SaaS or similar environment. Technical Expertise: Expert-level proficiency with the Okta platform for workforce Identity and Access Management (SSO, MFA, IGA). Okta Certification is a strong plus. Demonstrated experience designing and implementing complex access management automation and workflows, with a strong preference for candidates skilled in Okta Access Requests and Okta Workflows. Strong knowledge of securing devices and endpoints, including hands-on experience with Mobile Device Management platforms like Microsoft Intune. Familiarity with Microsoft Entra ID in hybrid or multi-cloud environments. Experience with securing Google Workspace and Microsoft 365/Enterprise Suite. Hands-on experience implementing an enterprise zero trust network access solution such as ZScaler is a strong plus. Understanding of Zero Trust Network Access models. Experience with infrastructure management tools (Puppet, Chef, Ansible, Terraform). Knowledge of Data Loss Prevention strategies in SaaS applications. Experience with vulnerability management tools and methodologies. Automation Mindset: Passion for automating processes to improve efficiency and scalability. Communication Skills: Ability to effectively communicate complex security concepts to technical and non-technical stakeholders, including collaboration with the physical security team. Problem-Solving Abilities: Demonstrated ability to identify security risks and develop effective mitigation strategies. Certifications: Highly Desirable: Okta Certified Professional or Higher, Microsoft Security Certifications Nice to Have: CISSP, CISM, or similar security certifications. Education: Bachelor's degree in Computer Science, Information Security, or a related field preferred. Pay Range $127,500 — $230,000 USD Navan is the leading all-in-one business travel and expense management solution that makes travel easy for frequent travelers. From finding flights and hotels, to automating expense reconciliation, with 24/7 support along the way, Navan delivers an intuitive experience travelers love and finance teams rely on. See how Navan customers benefit and learn more at navan.com . Navan’s investors include visionaries like Andreessen Horowitz, Lightspeed Ventures, Greenoaks, Zeev Ventures, and entrepreneurs Lee Fixel, Adam Bain, and Elad Gil. Valued at $9.2B, Navan is well-positioned for continued growth as it continues its takeover of the travel and expense market. In April 2023, Navan expanded in the Indian market with the acquisition of Tripeur, a modern, people-centric corporate travel and expense management company. The group’s fifth acquisition in under two years, Tripeur joined the Navan Group alongside Spanish meetings and events specialists, Atlanta Events & Corporate Travel Consultants; Berlin-based modern travel management company, Comtravo; leading Scandinavian travel agency Resia AB; and London-based high-touch TMC, Reed & Mackay — the latter of which remains a standalone brand. At Navan, we’re never satisfied with the status quo, and we know breakthrough ideas come from diverse perspectives. We are committed to cultivating a workplace that reflects the diversity of the customers we serve while fostering leadership and innovation. All voices are valued here and you’ll have the resources, tools, and training you’ll need to do the best work of your life. Navan provides a comprehensive benefits package tailored to support your well-being and financial security. Our offerings include generous medical plans, dental, and vision benefits with premiums covered by Navan, as well as various insurance options designed to cover each family's needs. We also prioritize your holistic wellness with perks like paid parental and bereavement leave, subsidized commuter benefits, mental health support, connectivity stipends, and even pet insurance. Workplace Policy Navan believes in the value of in-person connections, whether that is sitting down to have lunch with one another, taking a walking 1:1, or collaborating in a room together. The connections forged through face-to-face interactions improve company culture and drive business results. Navan invests in global office spaces — in the U.S., Europe, and Asia, among others — that feel welcoming. Perks such as lunches and happy hours create a strong team environment to help you do your best work. We prioritize in-person connections and operate on a four-day-in-office work model. Please expect this policy for all roles that are tied to an office. Navan is an equal opportunity employer. We make all employment decisions based solely on merit. We provide equal employment opportunity to all applicants and employees without discrimination on the bases of race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We prohibit any such discrimination or harassment. This policy applies to all terms and conditions of employment, including hiring. Accommodations Navan complies with the Americans with Disabilities Act (ADA), as amended by the ADA Amendments Act, and all applicable state or local law. Navan will reasonably accommodate qualified individuals with a disability in connection with applications for employment as required by law. Please review Navan's Candidate Privacy Notice here . Job Search Best Practices We have been made aware of recruitment scams involving fraudulent attempts to lure job seekers into sending money or personal information in return for fake job offers or coerce them into purchasing equipment by electronic funds transfer (Zelle, Venmo, etc.) Legitimate Navan recruiters will never ask for money in any recruitment or onboarding activities. All available job openings at Navan will be posted on Navan’s website and all Navan recruiters will be reachable through an email address ending in “@navan.com” or “@navan.tech” or "@talent.navan.com".
#J-18808-Ljbffr