At Navan, you will build and evolve Detection & Response (D&R) capabilities across our infrastructure, products, and research environments. This role focuses on high-signal detection and reliable operational response to ensure the security of our global travel and expense platform.
What You’ll Do:
Detection Engineering: Build and manage the lifecycle of detection rules, focusing on measurement/quality loops (coverage, precision, latency) and safe rollout patterns.
Automated Response: Build workflows that reduce toil (triage, enrichment, containment) using SIEM tools (e.g., Splunk, Sentinel), EDR/XDR, and automation to improve time-to-contain.
Incident Management: Actively participate in the Incident Response lifecycle. You will detect, analyze, and remediate security threats and participate in a scheduled on-call rotation.
Secure Architecture: Partner with infrastructure owners to ensure new systems ship with the right telemetry, encryption, authentication, and response playbooks from day one.
Visibility & Governance: Drive visibility across endpoints, identity, SaaS, and cloud; identify gaps in IAM and vulnerability management and advocate for direct fixes.
Emergent Threats: Evaluate and respond to frontier security concerns, such as detection strategies for automated agents operating across infrastructure at scale.
What We’re Looking For:
Technical Foundation: Deep knowledge of network, cloud, and endpoint security, with hands-on experience in firewalls and vulnerability management.
Operational Experience: Direct experience in Incident Response (IR). You are comfortable performing log analysis, threat hunting, and forensics while applying the MITRE ATT&CK framework.
Threat Modeling: Ability to evaluate new features, identify "what could go wrong," and turn those risks into concrete telemetry and response requirements.
Multi-Cloud Proficiency: Experience across major platforms (Azure, AWS, GCP, OCI) and the ability to design cloud-agnostic detection approaches.
Automation Mindset: Passion for replacing repetitive work with automation and scripting; you enjoy using AI/agent tooling to accelerate investigations.
