Senior Corporate Security Engineer, IAM

Navan is a modern, dynamic SaaS company revolutionizing the way businesses manage travel and expenses. With offices around the world, we are committed to creating seamless and innovative solutions for our clients. Our team is dedicated to fostering a collaborative and inclusive environment where everyone's contributions are valued.

We are seeking a Senior Corporate Security Engineer to join our team. This role is integral to ensuring the security of our corporate environment across all devices, applications, and networks. The ideal candidate will have a deep understanding of enterprise IT security within a modern SaaS company and will be passionate about automating and scaling security processes. You will work on securing our corporate infrastructure, implementing cutting‑edge security solutions, and collaborating with various teams to enhance our overall security posture.

• Manage Workforce IAM and Identity Governance:
  Lead the management and optimization of our Workforce IAM and Identity Governance systems, demonstrating deep, hands‑on knowledge across the entire Okta platform. You will be responsible for designing and enforcing granular authentication policies, managing the full lifecycle of application access through Okta Access Requests and Entitlements, and leveraging Okta Device Trust to establish a zero‑trust security posture for all corporate resources.
• Federate and Configure Application Access:
  Integrate a wide range of SaaS and custom applications into our identity platforms, Okta and Microsoft Entra , for single sign‑on. This requires a strong technical understanding of modern federation protocols including SAML 2.0, OpenID Connect, and SCIM for automated user provisioning.
• Secure Devices and Endpoints:
  Develop and implement comprehensive security strategies for a diverse fleet of corporate devices. This includes managing Windows endpoints with Microsoft Intune, macOS devices with Jamf, and Chrome
  
  OS devices via the Google Admin console, ensuring all endpoints are protected against unauthorized access and threats.
• Manage Endpoint Detection and Response (EDR):
  Lead the deployment, administration, and tuning of our EDR platform, specifically the Crowd Strike Falcon suite. Your responsibilities will include leveraging products such as Falcon Insight for incident investigation, Falcon Prevent for next‑gen antivirus, and proactive threat hunting to identify and neutralize advanced threats on corporate endpoints.
• Implement Zero Trust Network Access:
  Design and deploy Zero Trust security models to enhance network security and safeguard company resources.
• Deploy Data Loss Prevention Solutions:
  Implement DLP strategies focusing on protecting PII and PCI data within SaaS applications like Google Workspace, Salesforce, and Box.
• Enable Large‑Scale Endpoint Management:
  Oversee the deployment and maintenance of secure operating systems and platforms at scale. A key responsibility is to implement and manage a robust patch management strategy across all corporate operating systems (Windows, macOS, Chrome
  
  OS), ensuring timely remediation of vulnerabilities to reduce the company's attack surface.
• Orchestrate Security Posture Checks:
  Automate security checks for all new infrastructure deployments to ensure compliance with security standards.
• Implement Endpoint State Attestation:
  Deploy tooling, such as Microsoft Entra Conditional Access and Intune compliance policies, to continuously validate the security state of endpoints.
• Scale Proactive Security Controls:
  Extend security measures to new environments, including those acquired through mergers or acquisitions.
• Stay Current with Industry Trends:
  Keep abreast of the latest security threats, technologies, and trends to proactively address potential vulnerabilities.
• Develop Custom Security Solutions:
  Contribute to the development of custom and open‑source security tools tailored to our needs.

• Experience:
  
  Minimum of 5 years of experience in corporate security engineering within a SaaS or similar environment.
• Technical Expertise:
  • Expert‑level proficiency with the Okta platform for…