Skip to content
NavanNavanPalo Alto, CA

Director, Product Security Engineering

Lead product security initiatives by embedding security into the SDLC, performing threat modeling, building security tooling, and mentoring teams. Requires 8-10+ years of product security experience and deep expertise in cloud, application, and mobile security.

135k – 300k
On-site8+ YOESecurity Engineering

About the role

What You’ll Do

  • Serve as the primary architectural lead for high-priority product security initiatives, ensuring the strategic alignment and timely delivery of impactful programs.
  • Be a key advisor to the overall strategy and roadmap of the Product Security Program.
  • Drive the expansion and maturation of the Navan S-SDLC program across the organization.
  • Review product designs for security defects, perform threat modeling and recommend remediations.
  • Work with engineers to identify the tradeoffs of different solutions and recommend the ideal design to meet security requirements.
  • Design and develop security tools and processes to be leveraged by development teams.
  • Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities.
  • Lead the definition and development of custom Security as Code solutions.
  • Provide training, guidance, and assistance to development teams early in the SSDLC.
  • Cultivate security ownership in the product teams.
  • Bring visibility to product/application vulnerabilities in a consistent manner to enable appropriate prioritization and remediation.
  • Help build the Red Team and PSIRT functions.

What We’re Looking For

  • Proven experience performing threat modeling and architecture reviews for complex applications.
  • Proven experience delivering critical org-wide product security initiatives.
  • Proven experience performing application, cloud and mobile penetration testing in high risk environments like financial or healthcare companies.
  • 8-10+ years of Technical Product Security experience with a proven track record of system-wide impact in SSDLC tooling, automation, and threat modeling/attack surface analysis.
  • Proven ability to mentor junior engineers and lead cross-functional initiatives in multifaceted and highly technical organizations.
  • Ability to provide pragmatic security advice for web applications, mobile applications, and cloud software.
  • Experience working in Agile development with experience in technologies such as:
    • Cloud environment (AWS, or similar)
    • Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
    • Infrastructure as code (Terraform, or similar)
    • Java Spring Framework (3+ years), Hibernate or similar ORM technologies, JavaScript/CSS, and Angular
    • Containers (Docker, Kubernetes, or similar)
    • Continuous integration (Jenkins, Github Actions or similar)
    • Integration of Security testing tools into CI pipelines
    • Defect tracking (Jira,or similar.)
    • Source code management (GitHub, or similar.)
  • In-depth knowledge of common application & network protocols, cryptographic primitives, authentication & authorization protocols, and common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods.
  • Deep knowledge of cloud operational models and secure SaaS architecture in a containerized microservices world.

Skills

Threat ModelingArchitecture ReviewsPenetration TestingApplication SecuritySASTDASTIastScaAWSTerraformJava Spring FrameworkHibernateJavaScriptAngularDocker
Parallel

Head of Security

ParallelPalo Alto, CA +1

Lead security strategy and program for AI web infrastructure platform. Own security posture, compliance, and customer trust as the technical security leader for engineering and leadership teams.

150k – 300k
On-siteSecurity Engineering
Fable Security

Head of IT & Information Security

Fable SecurityUnited States

Lead security, compliance, and IT functions including SOC 2, ISO 27001, privacy, risk management, and external industry presence. Requires 7+ years in security/compliance/IT with direct experience leading compliance programs.

160k – 225k
Remote7+ YOESecurity Engineering
NexHealth

Head of IT & Security

NexHealthSeattle, WA +1

Lead NexHealth's security governance, compliance, IT operations, and incident response. Build and scale the security program and team from the ground up while partnering with engineering and leadership.

175k – 220k
On-site8+ YOESecurity Engineering
Greenboard

Head of Technical Security

GreenboardNew York, NY

Leads technical security, compliance (SOC 2, GDPR, ISO 42001), vulnerability management, and infrastructure hardening for a fast-growing fintech. Requires 3-7 years in security engineering with hands-on AWS, vuln tooling, and audit experience.

185k – 300k
On-siteSecurity Engineering
Pure

Director of Physical Security

PureLos Angeles, CA

Leads physical security operations for a precious metals trading facility, including protocol design, surveillance monitoring, delivery oversight, team training, audits, and incident response. Requires 5+ years experience, security tech knowledge, and California firearms permits.

75k – 110k
On-site5+ YOESecurity Engineering