Navan
Overview We are seeking a Senior Corporate Security Engineer to join our team. This role is integral to ensuring the security of our corporate environment across all devices, applications, and networks. The ideal candidate will have a deep understanding of enterprise IT security within a modern SaaS company and will be passionate about automating and scaling security processes. You will work on securing our corporate infrastructure, implementing cutting-edge security solutions, and collaborating with various teams to enhance our overall security posture.
Ensure all your application information is up to date and in order before applying for this opportunity. Responsibilities
Manage Workforce IAM and Identity Governance: Lead the management and optimization of our Workforce IAM and Identity Governance systems, with hands-on knowledge across the Okta platform. Design and enforce granular authentication policies, manage the full lifecycle of application access through Okta Access Requests and Entitlements, and leverage Okta Device Trust to establish a zero-trust security posture for all corporate resources. Federate and Configure Application Access: Integrate a wide range of SaaS and custom applications into identity platforms (Okta and Microsoft Entra ID) for single sign-on. Proficiency in federation protocols including SAML 2.0, OpenID Connect, and SCIM for automated user provisioning. Secure Devices and Endpoints: Develop and implement security strategies for a diverse fleet of corporate devices, including Windows endpoints with Microsoft Intune, macOS with Jamf, and ChromeOS via Google Admin console, ensuring protection against unauthorized access and threats. Manage Endpoint Detection and Response (EDR): Deploy, administer, and tune the CrowdStrike Falcon suite, including Falcon Insight for incident investigation, Falcon Prevent for antivirus, and proactive threat hunting to identify and neutralize threats. Implement Zero Trust Network Access: Design and deploy Zero Trust security models to enhance network security and safeguard resources. Deploy Data Loss Prevention Solutions: Implement DLP strategies focusing on protecting PII and PCI data within SaaS applications such as Google Workspace, Salesforce, and Box. Enable Large-Scale Endpoint Management: Oversee deployment and maintenance of secure operating systems and platforms at scale; implement and manage patch management across Windows, macOS, and ChromeOS to reduce vulnerabilities. Orchestrate Security Posture Checks: Automate security checks for new infrastructure deployments to ensure compliance with security standards. Implement Endpoint State Attestation: Deploy tooling to continuously validate the security state of endpoints (e.g., Entra Conditional Access and Intune compliance policies). Scale Proactive Security Controls: Extend security measures to new environments, including those acquired through mergers or acquisitions. Stay Current with Industry Trends: Keep abreast of the latest security threats, technologies, and trends to proactively address vulnerabilities. Develop Custom Security Solutions: Contribute to the development of custom and open-source security tools as needed. What We're Looking For
Experience: Minimum of 5 years in corporate security engineering within a SaaS or similar environment. Technical Expertise: Expert-level proficiency with Okta for workforce Identity and Access Management (SSO, MFA, IGA). Okta Certification is a plus. Experience designing and implementing complex access management automation and workflows, with preference for Okta Access Requests and Okta Workflows. Strong knowledge of securing devices and endpoints, including hands-on experience with Microsoft Intune. Familiarity with Microsoft Entra ID in hybrid or multi-cloud environments. Experience securing Google Workspace and Microsoft 365/Enterprise Suite. Hands-on experience with enterprise Zero Trust Network Access solutions (e.g., Zscaler) a strong plus. Understanding of Zero Trust Network Access models. Experience with infrastructure management tools (Puppet, Chef, Ansible, Terraform). Knowledge of Data Loss Prevention strategies in SaaS applications. Experience with vulnerability management tools and methodologies. Automation Mindset: Passion for automating processes to improve efficiency and scalability. Communication Skills: Ability to explain complex security concepts to technical and non-technical stakeholders and collaborate with cross-functional teams. Problem-Solving Abilities: Ability to identify security risks and develop effective mitigations. Education & Certifications
Education: Bachelor’s degree in Computer Science, Information Security, or a related field preferred. Certifications: Highly desirable: Okta Certified Professional or higher, Microsoft Security Certifications. Nice to have: CISSP, CISM, or similar. Compensation & Location Pay Range: $127,500 USD - $230,000 USD Location: Palo Alto, CA
#J-18808-Ljbffr
Ensure all your application information is up to date and in order before applying for this opportunity. Responsibilities
Manage Workforce IAM and Identity Governance: Lead the management and optimization of our Workforce IAM and Identity Governance systems, with hands-on knowledge across the Okta platform. Design and enforce granular authentication policies, manage the full lifecycle of application access through Okta Access Requests and Entitlements, and leverage Okta Device Trust to establish a zero-trust security posture for all corporate resources. Federate and Configure Application Access: Integrate a wide range of SaaS and custom applications into identity platforms (Okta and Microsoft Entra ID) for single sign-on. Proficiency in federation protocols including SAML 2.0, OpenID Connect, and SCIM for automated user provisioning. Secure Devices and Endpoints: Develop and implement security strategies for a diverse fleet of corporate devices, including Windows endpoints with Microsoft Intune, macOS with Jamf, and ChromeOS via Google Admin console, ensuring protection against unauthorized access and threats. Manage Endpoint Detection and Response (EDR): Deploy, administer, and tune the CrowdStrike Falcon suite, including Falcon Insight for incident investigation, Falcon Prevent for antivirus, and proactive threat hunting to identify and neutralize threats. Implement Zero Trust Network Access: Design and deploy Zero Trust security models to enhance network security and safeguard resources. Deploy Data Loss Prevention Solutions: Implement DLP strategies focusing on protecting PII and PCI data within SaaS applications such as Google Workspace, Salesforce, and Box. Enable Large-Scale Endpoint Management: Oversee deployment and maintenance of secure operating systems and platforms at scale; implement and manage patch management across Windows, macOS, and ChromeOS to reduce vulnerabilities. Orchestrate Security Posture Checks: Automate security checks for new infrastructure deployments to ensure compliance with security standards. Implement Endpoint State Attestation: Deploy tooling to continuously validate the security state of endpoints (e.g., Entra Conditional Access and Intune compliance policies). Scale Proactive Security Controls: Extend security measures to new environments, including those acquired through mergers or acquisitions. Stay Current with Industry Trends: Keep abreast of the latest security threats, technologies, and trends to proactively address vulnerabilities. Develop Custom Security Solutions: Contribute to the development of custom and open-source security tools as needed. What We're Looking For
Experience: Minimum of 5 years in corporate security engineering within a SaaS or similar environment. Technical Expertise: Expert-level proficiency with Okta for workforce Identity and Access Management (SSO, MFA, IGA). Okta Certification is a plus. Experience designing and implementing complex access management automation and workflows, with preference for Okta Access Requests and Okta Workflows. Strong knowledge of securing devices and endpoints, including hands-on experience with Microsoft Intune. Familiarity with Microsoft Entra ID in hybrid or multi-cloud environments. Experience securing Google Workspace and Microsoft 365/Enterprise Suite. Hands-on experience with enterprise Zero Trust Network Access solutions (e.g., Zscaler) a strong plus. Understanding of Zero Trust Network Access models. Experience with infrastructure management tools (Puppet, Chef, Ansible, Terraform). Knowledge of Data Loss Prevention strategies in SaaS applications. Experience with vulnerability management tools and methodologies. Automation Mindset: Passion for automating processes to improve efficiency and scalability. Communication Skills: Ability to explain complex security concepts to technical and non-technical stakeholders and collaborate with cross-functional teams. Problem-Solving Abilities: Ability to identify security risks and develop effective mitigations. Education & Certifications
Education: Bachelor’s degree in Computer Science, Information Security, or a related field preferred. Certifications: Highly desirable: Okta Certified Professional or higher, Microsoft Security Certifications. Nice to have: CISSP, CISM, or similar. Compensation & Location Pay Range: $127,500 USD - $230,000 USD Location: Palo Alto, CA
#J-18808-Ljbffr