Director, Product Security Engineering

About The Position

Requirements

• 12+ years in Security Engineering or Software Engineering, with at least 5 years in a senior leadership role managing technical teams.
• Deep expertise across the full stack, including Java Spring Framework, Cloud Infrastructure (AWS), and containerization.
• In-depth knowledge of modern authentication (SAML, JWT, OIDC, Passkeys) and complex multi-tenant authorization frameworks.
• Proven track record in threat modeling, architecture reviews, and application penetration testing in high-risk environments (e.g., Fintech or Healthcare)
• Hands-on experience with S-SDLC automation, including SAST, DAST, IAST, and SCA integration.
• Familiarity with global compliance standards such as PCI DSS, SOC2, HIPAA, and FedRAMP.
• The ability to translate complex security risks into business impact for executive stakeholders while maintaining deep technical credibility with engineers.

Responsibilities

• Own the overall strategy and roadmap for the Product Security and Security Engineering programs.
• Develop and scale a "shift left" security culture by integrating automated security tooling and "Security as Code" solutions directly into the IDE / CI.
• Oversee the design and implementation of highly scalable security frameworks for authentication, authorization, and encryption, including cutting-edge transitions to Passkeys.
• Secure the next generation of Navan products, specifically focusing on the security implications of LLM-integrated natural language interfaces and AI-driven workflows.
• Act as a key liaison between Security, Engineering, and Product teams to drive risk remediation and ensure "Security by Design".
• Recruit, mentor, and manage high-performing teams, including the development of Red Team and PSIRT functions.
• Drive visibility into application vulnerabilities and technical debt, ensuring clear prioritization and pragmatic remediation.