Job Description
What You’ll Do:
- Incident Response Leadership: Act as the primary Incident Lead during high-severity events. Own the end-to-end response lifecycle: driving triage, containment, evidence capture, and post-incident root-cause analysis.
- Automation & SOAR Engineering: Use Tines to build and design workflows that automate triage, enrichment, and containment actions, significantly reducing operational toil and improving time-to-contain.
- Detection & Endpoint Monitoring: Manage and fine-tune detection rule lifecycles, utilizing CrowdStrike EDR and SIEM/SOAR capabilities to maintain high-precision, low-latency coverage against modern adversary tradecraft.
- Data Protection & Visibility: Monitor and respond to data risks across endpoints, identity, and SaaS applications using Cyberhaven DLP. Identify gaps in IAM and vulnerability management and advocate for direct fixes.
- Architecture Partnership: Partner with infrastructure owners to ensure new systems ship across all cloud environments with the right telemetry, encryption, authentication, and response playbooks from day one.
- Emergent Threats: Evaluate and design response strategies for frontier security concerns such as automated agents or bots operating across infrastructure at scale.
- On-Call Rotation: Actively participate in the scheduled Incident Response on-call rotation, ensuring reliable coverage and operational readiness for emergent threats.
What We’re Looking For:
- 5+ years of experience in a dedicated Incident Response, SOC, or Security Engineering role, with a proven track record of leading high-severity incident containment in fast-paced environments
- Strong familiarity with the MITRE ATT&CK framework, modern adversary tactics, techniques, and procedures (TTPs), and common attack vectors targeting SaaS platforms
- Proven experience managing and tuning detection logic within CrowdStrike Falcon (or equivalent enterprise EDR/XDR) and enterprise SIEM platforms.
- Excellent leadership skills, with the ability to remain calm under pressure, coordinate cross-functional teams (Engineering, Legal, PR), and clearly communicate complex technical risks to stakeholders.
For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.
Skills Required
- 5+ years in Incident Response, SOC, or Security Engineering roles with high-severity incident leadership
- Strong familiarity with the MITRE ATT&CK framework and adversary TTPs
- Proven experience managing and tuning detection logic in CrowdStrike Falcon or equivalent EDR/XDR
- Experience with enterprise SIEM and SOAR platforms
- Experience building automation workflows in Tines (SOAR/automation engineering)
- Experience with Cyberhaven DLP or similar data loss prevention tools
- Experience securing and instrumenting multi-cloud environments, including telemetry, encryption, IAM, and vulnerability management
- Demonstrated leadership and cross-functional coordination skills; calm under pressure and clear technical communication
- Willingness to participate in scheduled incident response on-call rotation
Navan Compensation & Benefits Highlights
- Healthcare Strength—The package includes medical, dental, and vision coverage for employees and dependents, along with mental health resources such as Headspace. Additional protections like disability and life insurance, and options like FSA, are described.
- Parental & Family Support—Paid parental leave is specified as 16 weeks for the birthing parent and 10 weeks for the non‑birthing parent, with family medical leave also available. Supportive amenities such as an onsite Mother’s Room and company‑sponsored family events are included.
- Leave & Time Off Breadth—Flexible/unlimited vacation and generous PTO structures are highlighted alongside paid holidays and sick time. Bereavement leave is also offered across many locations.
Navan Insights
What We Do
Navan (Nasdaq: NAVN) is the leading all-in-one business travel, payments, and expense management platform that makes travel easy for frequent travelers. From finding flights and hotels to automating expense reconciliation, with 24/7 support along the way, Navan delivers an intuitive experience travelers love and finance teams rely on. See how Navan customers benefit and learn more at navan.com.
Why Work With Us
At Navan, we’re never satisfied with the status quo, and we know breakthrough ideas come from diverse perspectives. We are committed to cultivating a workplace that reflects the diversity of the customers we serve while fostering leadership and innovation.
Navan Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
In-person connection is the foundation of Navan: the connections forged through face-to-face interactions improve company culture and what we can achieve together. We operate on a hybrid working model, which we define as four days a week in-office.
Date Posted
07/03/2026