Navan has transformed the corporate travel, payment, and expense landscape by consistently prioritizing user needs and leveraging innovative, AI-powered solutions. We are seeking a Sr. Manager of Product Security to lead, mentor, and scale a team of product security engineers. This is a highly technical, hands-on leadership role focused on securing our products by integrating security throughout the SDLC and fostering a 'shift left' security culture. You will be responsible for building strong partnerships with engineering and product teams to accelerate secure software releases at scale.

What You’ll Do:

• Lead, coach, and guide a team of product security engineers, providing mentorship and technical guidance.
• Act as a hands-on technical leader for high-impact security initiatives across our portfolio you will be responsible for Security Architecture for all our products and AI initiatives.
• Guide the team in performing comprehensive threat modeling and security reviews.
• Design and develop security tools, automation, and custom solutions to continuously improve the S-SDLC.
• Partner with engineering and product teams to drive security ownership and accountability.
• Help build and mature our Red Team and PSIRT functions.

What We’re Looking For:

• Proven experience leading and managing a team of security engineers.
• 8-10 years of technical product security experience, with a strong focus on SDLC tooling, automation, and remediation.
• Expertise in performing threat modeling, architecture reviews, and penetration testing for complex applications, including those within financial or healthcare environments.
• Deep, hands-on knowledge of security for distributed systems at scale.
• In-depth understanding of modern Authentication and Authorization protocols (SAML, OIDC, RBAC//REBAC).
• Experience with Agile development in a containerized, microservices environment.
• Proficiency with cloud (AWS), security testing tools (SAST, DAST, etc.), and CI/CD pipelines.
• Published contributions to the security community.
• Knowledge of compliance standards like PCI DSS and SOC2.
• Experience in fast-paced, small team environments, delivering outsized impact.