Senior Security Engineer, Application Security at Postman

San Francisco, California, United States

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Technology, Software

Requirements

  • Experience working as a Senior Security Engineer with deep involvement in securing modern web applications and APIs
  • Experience conducting threat modeling, security reviews and risk assessments
  • Solid project management experience leading initiatives that have measurably improved the security of organizations
  • Proficient in one or more high-level programming languages
  • Proficient with common developer tools and processes such as GitHub, CI/CD, containers and orchestration, IaaS/PaaS, APIs, WebSockets, databases, front-end and back-end systems
  • Experience securing data to meet the requirements of various privacy frameworks and regulations
  • Deep understanding and experience in securing AWS environments
  • Experience in deploying AppSec tools (e.g., SAST, SCA, WAF, etc.) throughout the stages of the SDLC to ensure the most relevant vulnerabilities are surfaced and false positives are kept to a minimum
  • Understanding of web security mechanisms (such as SOP, CORS, CSP, Subresource Integrity, and same-site cookies)
  • Strong understanding of various authentication/authorization protocols, e.g. OAuth, SAML and JWT

Responsibilities

  • Mentor junior security engineers and security champions on security best practices and techniques
  • Improve our security tooling and processes
  • Conduct security talks and training sessions
  • Identify critical flaws and weaknesses in our web applications, services and cloud infrastructure, then design and implement strategic solutions to remediate them
  • Write and review technical proposals, architectural diagrams, application code and IaC
  • Use automated and manual testing techniques to gain a better understanding of the environment and reduce false negatives
  • Reduce manual security review efforts by improving our tooling and processes
  • Improve the scope of our assessments by adding new techniques and new categories of vulnerability assessments
  • Consolidate and track vulnerabilities across our organization and our supply chain to assist in identifying areas to focus our security uplift efforts
  • Review and define requirements for developing and deploying secure products; create guidelines and standards to meet these requirements
  • Work closely with the team to build systems that protect against and eradicate entire classes of vulnerabilities

Skills

Application Security
Web Security
Cloud Infrastructure Security
IaC
Automated Testing
Manual Testing
Vulnerability Assessment
Security Tooling
Security Architecture
Penetration Testing

Postman

API development and collaboration platform

About Postman

Postman provides a platform for API development that helps developers and organizations design, test, document, and monitor APIs. The tools available on Postman enable teams to collaborate effectively, allowing them to share and manage APIs with ease. Users can access a variety of features through a subscription model, which includes different pricing tiers for individuals, small teams, and large enterprises, along with a free tier to attract new users. Postman has played a significant role in facilitating data exchange during the COVID-19 pandemic by offering API collections that provide real-time data for healthcare professionals, researchers, and government agencies. The company's goal is to streamline the API development process and enhance collaboration among development teams.

Headquarters: San Francisco, California
Year Founded: 2014
Total Funding: $422.2M
Company Stage: Series D
Industries: Enterprise Software, Healthcare
Employees: 1,001-5,000

Benefits

Accidental Death & Dismemberment Insurance
Dental Insurance
Disability Insurance
Flexible Spending Account (FSA)
Health Savings Account (HSA)
Life Insurance
Mental Health Care
Occupational Accident Insurance

Risks

Rapid adoption of generative AI tools could increase competition for Postman.
Explosive API growth may challenge Postman's API management capabilities by 2025.
Data breaches due to exposed API secrets pose a significant security risk.

Differentiation

Postman offers a comprehensive API development environment for developers and enterprises.
The platform supports API-first development, automated testing, and developer onboarding.
Postman's subscription model caters to individual developers, small teams, and large enterprises.

Upsides

Postman's acquisition of Orbit enhances community engagement on the API Network.
Release of Postman v11 aligns with AI integration trends, boosting developer productivity.
Gartner predicts 80% of enterprises will use generative AI APIs by 2026.
