Sr. Security Engineer, Incident Response
Job Location:
San Francisco, CA - USA
Monthly Salary:
Not Disclosed
Posted on:
Yesterday
Vacancies:
1 Vacancy
Job Summary
At Navan, you will serve as the technical lead for our incident response lifecycle, driving the containment and remediation of security threats across our multi-cloud infrastructure, products, and operational environments. You will balance hands-on technical investigations with the leadership required to coordinate response efforts, leveraging a modern security stack to protect our global travel and expense platform.
What You'll Do:
- Incident Response Leadership: Act as the primary Incident Lead during high-severity events. Own the end-to-end response lifecycle: driving triage, containment, evidence capture, and post-incident root-cause analysis.
- Automation & SOAR Engineering: Use Tines to build and design workflows that automate triage, enrichment, and containment actions, significantly reducing operational toil and improving time-to-contain.
- Detection & Endpoint Monitoring: Manage and fine-tune detection rule lifecycles, utilizing CrowdStrike EDR and SIEM/SOAR capabilities to maintain high-precision, low-latency coverage against modern adversary tradecraft.
- Data Protection & Visibility: Monitor and respond to data risks across endpoints, identity, and SaaS applications using Cyberhaven DLP. Identify gaps in IAM and vulnerability management and advocate for direct fixes.
- Architecture Partnership: Partner with infrastructure owners to ensure new systems ship across all cloud environments with the right telemetry, encryption, authentication, and response playbooks from day one.
- Emergent Threats: Evaluate and design response strategies for frontier security concerns such as automated agents or bots operating across infrastructure at scale.
- On-Call Rotation: Actively participate in the scheduled Incident Response on-call rotation, ensuring reliable coverage and operational readiness for emergent threats.
What We're Looking For:
- 5 years of experience in a dedicated Incident Response, SOC, or Security Engineering role, with a proven track record of leading high-severity incident containment in fast-paced environments.
- Strong familiarity with the MITRE ATT&CK framework, modern adversary tactics, techniques, and procedures (TTPs), and common attack vectors targeting SaaS platforms.
- Proven experience managing and tuning detection logic within CrowdStrike Falcon (or equivalent enterprise EDR/XDR) and enterprise SIEM platforms.
- Excellent leadership skills, with the ability to remain calm under pressure, coordinate cross-functional teams (Engineering, Legal, PR), and clearly communicate complex technical risks to stakeholders.
Required Experience:
Senior IC
About Company
Streamline your corporate travel management and expense processes in one app. Save time, gain efficiency, and reduce costs with this powerful, all-in-one solution.