Sr. Security Engineer, Incident Response
tripactions
Palo Alto, 1d ago
- Seniority
- Senior
About the role
<div>At Navan, you will serve as the technical lead for our incident response lifecycle, driving the containment and remediation of security threats across our multi-cloud infrastructure, products, and operational environments. You will balance hands-on technical investigations with the leadership required to coordinate response efforts, leveraging a modern security stack to protect our global travel and expense platform.</div>
<div><br><strong>What You’ll Do:</strong></div>
<ul>
<li><strong>Incident Response Leadership:</strong> <strong>Act as the primary Incident Lead during high-severity events.</strong> Own the end-to-end response lifecycle: driving triage, containment, evidence capture, and post-incident root-cause analysis.</li>
<li><strong>Automation & SOAR Engineering:</strong> Use <strong>Tines</strong> to build and design workflows that automate triage, enrichment, and containment actions, significantly reducing operational toil and improving time-to-contain.</li>
<li><strong>Detection & Endpoint Monitoring:</strong> Manage and fine-tune detection rule lifecycles utilizing <strong>CrowdStrike EDR and SIEM/SOAR capabilities</strong> to maintain high-precision, low-latency coverage against modern adversary tradecraft.</li>
<li><strong>Data Protection & Visibility:</strong> Monitor and respond to data risks across endpoints, identity, and SaaS applications using <strong>Cyberhaven DLP</strong>. Identify gaps in IAM and vulnerability management and advocate for direct fixes.</li>
<li><strong>Architecture Partnership:</strong> Partner with infrastructure owners to ensure new systems ship across <strong>all cloud environments</strong> with the right telemetry, encryption, authentication, and response playbooks from day one.</li>
<li><strong>Emergent Threats:</strong> Evaluate and design response strategies for frontier security concerns, such as automated agents or bots operating across infrastructure at scale.</li>
<li><strong>On-Call Rotation:</strong> <strong>Actively participate in the scheduled Incident Response on-call rotation</strong>, ensuring reliable coverage and operational readiness for emergent threats.</li>
</ul>
<p><strong>What We’re Looking For:</strong></p>
<ul>
<li>5+ years of experience in a dedicated Incident Response, SOC, or Security Engineering role, with a proven track record of leading high-severity incident containment in fast-paced environments</li>
<li>Strong familiarity with the MITRE ATT&CK framework, modern adversary tactics, techniques, and procedures (TTPs), and common attack vectors targeting SaaS platforms</li>
<li>Proven experience managing and tuning detection logic within <strong>CrowdStrike Falcon</strong> (or equivalent enterprise EDR/XDR) and enterprise SIEM platforms.</li>
<li style="font-weight: 400;">Excellent leadership skills with the ability to remain calm under pressure, coordinate cross-functional teams (Engineering, Legal, PR), and clearly communicate complex technical risks to stakeholders.</li>
</ul><div class="content-pay-transparency"><div class="pay-input"><div class="description"><p>The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity.<br><br>For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.</p></div><div class="title">Pay Range</div><div class="pay-range"><span>$113,400</span><span class="divider">—</span><span>$252,000 USD</span></div></div></div>