Navan
Director, Software Engineering - Security
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Navan
Navan is a technology company based in Palo Alto, California, specializing in corporate travel and expense management. Founded in 2015, Navan provides an integrated platform that simplifies business travel booking, expense reporting, and corporate card program integration for enterprises around the world. The company has expanded its presence to over 50 global offices, including locations in Europe and India. Navan offers several key products, including Navan Travel, an AI-powered booking platform that personalizes travel options based on company policies and traveler preferences. Navan Expense automates expense reporting and reimbursement processes, making it easier for employees and finance teams. Additionally, Navan Connect integrates corporate payment cards with the travel and expense platform, allowing for seamless management of expenses. With a focus on user-friendly experiences and compliance, Navan serves a diverse range of clients, including major corporations like Unilever, Wayfair, and Zoom.
Security at Navan
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Navan's AppSec mission involves collaborating closely with the development team and implementing a shift-left security approach.
- Ongoing application security training is mandatory for their developers.
- Their risk philosophy aims to reduce noise, ensure accuracy, and determine the most critical risks.
- Stated goals include understanding the overall company operations and a hands-on approach to looking at source code.
Security Team
- Key Public-Facing Leaders: Tarik Ghbeish, Manager of Application Security / Staff Security Engineer - Traceable case study: Navan (https://www.traceable.ai/customer-stories/navan), Apiiro case study / Case Study PDF (https://apiiro.com/wp-content/uploads/2022/08/TripActions-Case-Study.pdf), LinkedIn profile: Tarik Ghbeish (https://www.linkedin.com/in/tarikghbeish).
- Org Structure & Reporting Line: The AppSec team reports to the Sr Director of Trust and Security - Indeed job posting (Staff Fullstack Software Engineer - Security) (https://www.indeed.com/viewjob?jk=3d1b1b57a96c1054).
- Team Size Estimate (as_of: 2025-12): Information not publicly available.
- Active AppSec Job Postings (as_of: 2025-12): One job posting found for 'Staff Fullstack Software Engineer - Security'.
- Common Skill/Tool Patterns: 'Integration of Security testing tools into CI pipelines' - Indeed job posting (Staff Fullstack Software Engineer - Security) (https://www.indeed.com/viewjob?jk=3d1b1b57a96c1054).
Key Initiatives
- Security Champions Program: No Evidence Found.
- Shift Left in Practice: Navan is implementing a shift-left security approach - Apiiro case study / Case Study PDF (https://apiiro.com/wp-content/uploads/2022/08/TripActions-Case-Study.pdf).
- They incorporated Traceable into their Product Readiness Review process - Traceable case study: Navan (https://www.traceable.ai/customer-stories/navan).
- Integration of Security testing tools into CI pipelines is a responsibility - Indeed job posting (Staff Fullstack Software Engineer - Security) (https://www.indeed.com/viewjob?jk=3d1b1b57a96c1054).
- Vulnerability Management Process: Intake includes annual penetration testing - Navan Security page (https://navan.com/security).
- These tests have found vulnerabilities in 50+ APIs - Traceable case study: Navan (https://www.traceable.ai/customer-stories/navan).
- Triage/Remediation aims to reduce noise, ensure accuracy, and determine the most critical risks - Apiiro case study / Case Study PDF (https://apiiro.com/wp-content/uploads/2022/08/TripActions-Case-Study.pdf).
- Secure SDLC Artifacts: Annual penetration testing is conducted - Navan Security page (https://navan.com/security).
- Ongoing application security training is mandatory for developers - Navan Security page (https://navan.com/security).
- Traceable is incorporated into their Product Readiness Review process - Traceable case study: Navan (https://www.traceable.ai/customer-stories/navan).
- Recent Initiatives (Last 6 Months): Navan adopted Apiiro's Cloud Application Security Platform - Apiiro case study / Case Study PDF (https://apiiro.com/wp-content/uploads/2022/08/TripActions-Case-Study.pdf).
- They decided that with Traceable testing in place, they didn't need to get a DAST - Traceable case study: Navan (https://www.traceable.ai/customer-stories/navan).