Senior Security Engineer, Application Security at Postman

San Francisco, California, United States

Apply Now
Postman Logo
Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Technology, SoftwareIndustries

Requirements

  • Experience working as a Senior Security Engineer with deep involvement in securing modern web Applications and APIs
  • Experience conducting threat modeling, security reviews and risk assessments
  • Solid project management experience leading initiatives that have measurably improved the security of organizations
  • Proficient in one or more high-level programming languages
  • Proficient with common developer tools and processes such as Github, CI/CD, containers and orchestration, IaaS/PaaS, APIs, Websockets, Databases, Front-End and Back-End systems
  • Experience securing Data to meet various privacy framework and regulation requirements
  • Deep understanding and experience in securing AWS environments
  • Experience in deploying AppSec tools (e.g., SAST, SCA, WAF etc) throughout the stages of the SDLC to ensure the most relevant vulnerabilities are surfaced and false positives are kept to a minimum
  • Understanding of web security mechanisms (such as SOP, CORS, CSP, Subresource Integrity, and same-site cookies)
  • Strong understanding of various authentication/authorization protocols e.g. OAuth, SAML and JWT

Responsibilities

  • Mentor junior security engineers and security champions on security best practices and techniques
  • Improve our security tooling and processes
  • Conduct security talks and training sessions
  • Identify critical flaws and weaknesses in our web applications, services and our cloud infrastructure then design and implement strategic solutions to remediate them
  • Write and review technical proposals, architectural diagrams, application code and IaC
  • Use automated and manual testing techniques to gain a better understanding of the environment and reduce false negatives
  • Reduce manual security review efforts by improving our tooling and processes
  • Improve the scope of our assessments by adding new techniques and new categories of vulnerability assessments
  • Consolidate and track vulnerabilities across our organization and our supply chain to assist in identifying areas to focus our security uplift efforts
  • Review and define requirements for developing and deploying secure products; create guidelines and standards to meet these requirements
  • Work closely with the team to build systems that protect against and eradicate entire classes of vulnerabilities

Skills

Key technologies and capabilities for this role

Application SecurityWeb SecurityCloud Infrastructure SecurityIaCAutomated TestingManual TestingVulnerability AssessmentSecurity ToolingSecurity ArchitecturePenetration Testing

Questions & Answers

Common questions about this position

What is the salary for this Senior Security Engineer position?

This information is not specified in the job description.

Is this role remote or does it require working from an office?

This information is not specified in the job description.

What skills and experience are required for this role?

Required experience includes working as a Senior Security Engineer securing modern web applications and APIs, conducting threat modeling, security reviews and risk assessments, solid project management leading security improvements, proficiency in high-level programming languages, and deep knowledge of securing AWS environments.

What is the company culture like at Postman?

Postman emphasizes collaboration, simplifying the API lifecycle, and enabling developers to create better APIs faster, with a global presence headquartered in San Francisco and an office in Bangalore.

What makes a strong candidate for this Senior Security Engineer role?

Strong candidates have senior-level experience securing web apps and APIs, expertise in threat modeling and AWS security, proficiency in programming and developer tools like Github and CI/CD, and a track record of leading security improvements through project management.

Postman

API development and collaboration platform

Website

About Postman

Postman provides a platform for API development that helps developers and organizations design, test, document, and monitor APIs. The tools available on Postman enable teams to collaborate effectively, allowing them to share and manage APIs with ease. Users can access a variety of features through a subscription model, which includes different pricing tiers for individuals, small teams, and large enterprises, along with a free tier to attract new users. Postman has played a significant role in facilitating data exchange during the COVID-19 pandemic by offering API collections that provide real-time data for healthcare professionals, researchers, and government agencies. The company's goal is to streamline the API development process and enhance collaboration among development teams.

San Francisco, CaliforniaHeadquarters
2014Year Founded
$422.2MTotal Funding
SERIES_DCompany Stage
Enterprise Software, HealthcareIndustries
1,001-5,000Employees

Benefits

Accidental Death & Dismemberment Insurance.
Dental Insurance.
Disability Insurance.
Flexible Spending Account (FSA)
Health Savings Account (HSA)
Life Insurance.
Mental Health Care.
Occupational Accident Insurance.

Risks

Rapid adoption of generative AI tools could increase competition for Postman.
Explosive API growth may challenge Postman's API management capabilities by 2025.
Data breaches due to exposed API secrets pose a significant security risk.

Differentiation

Postman offers a comprehensive API development environment for developers and enterprises.
The platform supports API-first development, automated testing, and developer onboarding.
Postman's subscription model caters to individual developers, small teams, and large enterprises.

Upsides

Postman's acquisition of Orbit enhances community engagement on the API Network.
Release of Postman v11 aligns with AI integration trends, boosting developer productivity.
Gartner predicts 80% of enterprises will use generative AI APIs by 2026.

Related Jobs

United States
Remote iconRemote

Senior Security Engineer, Application Security

Trail of Bits
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)
United States
Remote iconRemote

Application Security Lead

Accurate Background
Salary not specified
  • Employment type iconFull Time
  • Experience level iconExpert & Leadership (9+ years)
United States
Remote iconRemote

Principal Security Engineer

Eli Lilly and Company
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)
Remote
Remote iconRemote

Senior Engineer, App Security

Healthie
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
Remote
Remote iconRemote

Senior DevSecOps Engineer

Oddball
Salary not specified
San Francisco
Remote iconRemote

Security Architect

Earnest
Salary not specified
  • Employment type iconFull Time
  • Experience level iconExpert & Leadership (9+ years)
Remote
Remote iconRemote

Senior Manager, Application Security

Included Health
$180,000 - $250,000/year
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)
United States
Remote iconRemote

Senior Cloud & Application Security Engineer

Dataminr
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
Mountain View +1 more
Remote iconRemote

Senior Software Security Engineer

Muon Space
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)
Colorado
Remote iconRemote

Senior System Software Engineer - DevSecOps  

NVIDIA
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)

Land your dream remote job 3x faster with AI

Try Jobo Free