Senior Corporate Security Engineer, IAM

About Us

Navan is a modern, dynamic SaaS company revolutionizing the way businesses manage travel and expenses. With offices around the world, we are committed to creating seamless and innovative solutions for our clients. Our team is dedicated to fostering a collaborative and inclusive environment where everyone's contributions are valued.

Role Overview

We are seeking a Senior Corporate Security Engineer to join our team. This role is integral to ensuring the security of our corporate environment across all devices, applications, and networks. The ideal candidate will have a deep understanding of enterprise IT security within a modern SaaS company and will be passionate about automating and scaling security processes. You will work on securing our corporate infrastructure, implementing cutting-edge security solutions, and collaborating with various teams to enhance our overall security posture.

• Manage Workforce IAM and Identity Governance: Lead the management and optimization of our Workforce IAM and Identity Governance systems, demonstrating deep, hands-on knowledge across the entire Okta platform. You will be responsible for designing and enforcing granular authentication policies, managing the full lifecycle of application access through Okta Access Requests and Entitlements, and leveraging Okta Device Trust to establish a zero-trust security posture for all corporate resources.
• Federate and Configure Application Access: Integrate a wide range of SaaS and custom applications into our identity platforms, Okta and Microsoft Entra ID, for single sign-on. This requires a strong technical understanding of modern federation protocols including SAML 2.0, OpenID Connect, and SCIM for automated user provisioning.
• Secure Devices and Endpoints: Develop and implement comprehensive security strategies for a diverse fleet of corporate devices. This includes managing Windows endpoints with Microsoft Intune, macOS devices with Jamf, and ChromeOS devices via the Google Admin console, ensuring all endpoints are protected against unauthorized access and threats.
• Manage Endpoint Detection and Response (EDR): Lead the deployment, administration, and tuning of our EDR platform, specifically the CrowdStrike Falcon suite. Your responsibilities will include leveraging products like Falcon Insight for incident investigation, Falcon Prevent for next-gen antivirus, and proactive threat hunting to identify and neutralize advanced threats on corporate endpoints.
• Implement Zero Trust Network Access: Design and deploy Zero Trust security models to enhance network security and safeguard company resources.
• Deploy Data Loss Prevention Solutions: Implement DLP strategies focusing on protecting PII and PCI data within SaaS applications like Google Workspace, Salesforce, and Box.
• Enable Large-Scale Endpoint Management: Oversee the deployment and maintenance of secure operating systems and platforms at scale. A key responsibility is to implement and manage a robust patch management strategy across all corporate operating systems (Windows, macOS, ChromeOS), ensuring timely remediation of vulnerabilities to reduce the company's attack surface.
• Orchestrate Security Posture Checks: Automate security checks for all new infrastructure deployments to ensure compliance with security standards.
• Implement Endpoint State Attestation: Deploy tooling, such as Microsoft Entra Conditional Access and Intune compliance policies, to continuously validate the security state of endpoints.
• Scale Proactive Security Controls: Extend security measures to new environments, including those acquired through mergers or acquisitions.
• Stay Current with Industry Trends: Keep abreast of the latest security threats, technologies, and trends to proactively address potential vulnerabilities.
• Develop Custom Security Solutions: Contribute to the development of custom and open-source security tools tailored to our needs.

• Experience: Minimum of 5 years of experience in corporate security engineering within a SaaS or similar environment.
• Technical Expertise:
• Expert-level proficiency with the Okta platform for workforce Identity and Access Management (SSO, MFA, IGA) Okta Certification is a strong plus.
• Demonstrated experience designing and implementing complex access management automation and workflows, with a strong preference for candidates skilled in Okta Access Requests and Okta Workflows.
• Strong knowledge of securing devices and endpoints, including hands-on experience with Mobile Device Management platforms like Microsoft Intune.
• Familiarity with Microsoft Entra ID in hybrid or multi-cloud environments.
• Experience with securing Google Workspace and Microsoft 365/Enterprise Suite.
• Hands-on experience implementing an enterprise zero trust network access solution such as ZScaler is a strong plus.
• Understanding of Zero Trust Network Access models.
• Experience with infrastructure management tools (Puppet, Chef, Ansible, Terraform).
• Knowledge of Data Loss Prevention strategies in SaaS applications.
• Experience with vulnerability management tools and methodologies.
• Automation Mindset: Passion for automating processes to improve efficiency and scalability.
• Communication Skills: Ability to effectively communicate complex security concepts to technical and non-technical stakeholders, including collaboration with the physical security team.
• Problem-Solving Abilities: Demonstrated ability to identify security risks and develop effective mitigation strategies.
• Certifications:
• Highly Desirable: Okta Certified Professional or Higher, Microsoft Security Certifications
• Nice to Have: CISSP, CISM, or similar security certifications.
• Education: Bachelor's degree in Computer Science, Information Security, or a related field preferred.

Why Navan?

• Innovative Environment: Be part of a team that's shaping the future of business travel and expense management.
• Global Impact: Work on projects that have a worldwide reach and influence.
• Collaborative Culture: Join a diverse team where your ideas and contributions make a difference.
• Professional Growth: Opportunities for learning and development to advance your career.
• Comprehensive Benefits: Competitive salary, health benefits, and other perks.