Sr. Security Engineer, Incident Response

At Navan, you will serve as the technical lead for our incident response lifecycle, driving the containment and remediation of security threats across our multi‑cloud infrastructure, products, and operational environments. You will balance hands‑on technical investigations with the leadership required to coordinate response efforts, leveraging a modern security stack to protect our global travel and expense platform. What You’ll Do: Incident Response Leadership: Act as the primary Incident Lead during high‑severity events. Own the end‑to‑end response lifecycle: driving triage, containment, evidence capture, and post‑incident root‑cause analysis. Automation & SOAR Engineering: Use Tines to build and design workflows that automate triage, enrichment, and containment actions, significantly reducing operational toil and improving time‑to‑contain. Detection & Endpoint Monitoring: Manage and fine‑tune detection rule lifecycles utilizing CrowdStrike EDR and SIEM/SOAR capabilities to maintain high‑precision, low‑latency coverage against modern adversary tradecraft. Data Protection & Visibility: Monitor and respond to data risks across endpoints, identity, and SaaS applications using Cyberhaven DLP. Identify gaps in IAM and vulnerability management and advocate for direct fixes. Architecture Partnership: Partner with infrastructure owners to ensure new systems ship across all cloud environments with the right telemetry, encryption, authentication, and response playbooks from day one. Emergent Threats: Evaluate and design response strategies for frontier security concerns, such as automated agents or bots operating across infrastructure at scale. On‑Call Rotation: Actively participate in the scheduled Incident Response on‑call rotation, ensuring reliable coverage and operational readiness for emergent threats. What We’re Looking For: 5+ years of experience in a dedicated Incident Response, SOC, or Security Engineering role, with a proven track record of leading high‑severity incident containment in fast‑paced environments. Strong familiarity with the MITRE ATT&CK framework, modern adversary tactics, techniques, and procedures (TTPs), and common attack vectors targeting SaaS platforms. Proven experience managing and tuning detection logic within CrowdStrike Falcon (or equivalent enterprise EDR/XDR) and enterprise SIEM platforms. Excellent leadership skills with the ability to remain calm under pressure, coordinate cross‑functional teams (Engineering, Legal, PR), and clearly communicate complex technical risks to stakeholders. Pay Range: $113,400 – $252,000 USD Equal Opportunity Navan is an equal opportunity employer. We make all employment decisions based solely on merit. We provide equal employment opportunity to all applicants and employees without discrimination on the bases of race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We prohibit any such discrimination or harassment. This policy applies to all terms and conditions of employment, including hiring. Accommodations Navan complies with the Americans with Disabilities Act (ADA), as amended by the ADA Amendments Act, and all applicable state or local law. Navan will reasonably accommodate qualified individuals with a disability in connection with applications for employment as required by law. #J-18808-Ljbffr Traveltechessentialist