Navan

Detection and Response Engineer at Navan

Gurugram, IN | Full-time | Security, Risk & Fraud | Posted 29 days ago

About the Role

<p>At Navan, you will build and evolve Detection &amp; Response (D&amp;R) capabilities across our infrastructure, products, and research environments. This role focuses on high-signal detection and reliable operational response to ensure the security of our global travel and expense platform.</p>

<p><strong>What You’ll Do:</strong></p>
<ul>
  <li><strong>Detection Engineering:</strong> Build and manage the lifecycle of detection rules, focusing on measurement/quality loops (coverage, precision, latency) and safe rollout patterns.</li>
  <li><strong>Automated Response:</strong> Build workflows that reduce toil (triage, enrichment, containment) using SIEM tools (e.g., Splunk, Sentinel), EDR/XDR, and automation to improve time-to-contain.</li>
  <li><strong>Incident Management:</strong> <strong>Actively participate in the Incident Response lifecycle.</strong> You will detect, analyze, and remediate security threats and <strong>participate in a scheduled on-call rotation.</strong></li>
  <li><strong>Secure Architecture:</strong> Partner with infrastructure owners to ensure new systems ship with the right telemetry, encryption, authentication, and response playbooks from day one.</li>
  <li><strong>Visibility &amp; Governance:</strong> Drive visibility across endpoints, identity, SaaS, and cloud; identify gaps in IAM and vulnerability management and advocate for direct fixes.</li>
  <li><strong>Emergent Threats:</strong> Evaluate and respond to frontier security concerns, such as detection strategies for automated agents operating across infrastructure at scale.</li>
</ul>

<p><strong>What We’re Looking For:</strong></p>
<ul>
  <li><strong>Technical Foundation:</strong> Deep knowledge of network, cloud, and endpoint security, with hands-on experience in firewalls and vulnerability management.</li>
  <li><strong>Operational Experience:</strong> <strong>Direct experience in Incident Response (IR).</strong> You are comfortable performing log analysis, threat hunting, and forensics while applying the MITRE ATT&amp;CK framework.</li>
  <li><strong>Threat Modeling:</strong> Ability to evaluate new features, identify "what could go wrong," and turn those risks into concrete telemetry and response requirements.</li>
  <li><strong>Multi-Cloud Proficiency:</strong> Experience across major platforms (Azure, AWS, GCP, OCI) and the ability to design cloud-agnostic detection approaches.</li>
  <li><strong>Automation Mindset:</strong> Passion for replacing repetitive work with automation and scripting; you enjoy using AI/agent tooling to accelerate investigations.</li>
</ul>