Application Security Lead
Accurate BackgroundSalary not specified
Full Time
Expert & Leadership (9+ years)
Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Enterprise Software, BiotechnologyIndustries
Requirements
Candidates should have experience as a Senior Security Engineer with deep involvement in securing modern web applications and APIs. They must also have experience conducting threat modeling, security reviews, and risk assessments, along with solid project management experience leading initiatives that have measurably improved organizational security. Proficiency in one or more high-level programming languages is required, as is proficiency with common developer tools and processes such as Github, CI/CD, containers and orchestration, IaaS/PaaS, APIs, Websockets, Databases, Front-End and Back-End systems. Experience securing data to meet various privacy framework and regulation requirements, deep understanding and experience in securing AWS environments, and experience in deploying AppSec tools (e.g., SAST, SCA, WAF etc) throughout the stages of the SDLC are also necessary. A strong understanding of web security mechanisms (such as SOP, CORS, CSP, Subresource Integrity, and same-site cookies) and various authentication/authorization protocols (e.g., OAuth, SAML and JWT) is essential.
Responsibilities
The Senior Security Engineer will mentor junior Security Engineers and Security Champions on security best practices and techniques. They will improve security tooling and processes, conduct security talks and training sessions, and identify critical flaws and weaknesses in web applications, services, and cloud infrastructure, then design and implement strategic solutions to remediate them. Responsibilities also include writing and reviewing technical proposals, architectural diagrams, application code, and IaC, and using automated and manual testing techniques to understand the environment and reduce false negatives. The role involves reducing manual security review efforts by improving tooling and processes, enhancing the scope of assessments by adding new techniques and vulnerability categories, and consolidating and tracking vulnerabilities across the organization and supply chain. Additionally, they will review and define requirements for developing and deploying secure products, create guidelines and standards to meet these requirements, and work closely with the team to build systems that protect against and eradicate entire classes of vulnerabilities.
Skills
Security tooling
Web application security
Cloud security
Infrastructure as Code (IaC)
Vulnerability assessments
Automated testing
Manual testing
Security architecture
Secure design review
Mentoring
Security training
Postman
API development and collaboration platform
About Postman
Postman provides a platform for API development that helps developers and organizations design, test, document, and monitor APIs. The tools available on Postman enable teams to collaborate effectively, allowing them to share and manage APIs with ease. Users can access a variety of features through a subscription model, which includes different pricing tiers for individuals, small teams, and large enterprises, along with a free tier to attract new users. Postman has played a significant role in facilitating data exchange during the COVID-19 pandemic by offering API collections that provide real-time data for healthcare professionals, researchers, and government agencies. The company's goal is to streamline the API development process and enhance collaboration among development teams.
San Francisco, CaliforniaHeadquarters
2014Year Founded
$422.2MTotal Funding
SERIES_DCompany Stage
Enterprise Software, HealthcareIndustries
1,001-5,000Employees
Benefits
Accidental Death & Dismemberment Insurance.
Dental Insurance.
Disability Insurance.
Flexible Spending Account (FSA)
Health Savings Account (HSA)
Life Insurance.
Mental Health Care.
Occupational Accident Insurance.
Risks
Rapid adoption of generative AI tools could increase competition for Postman.
Explosive API growth may challenge Postman's API management capabilities by 2025.
Data breaches due to exposed API secrets pose a significant security risk.
Differentiation
Postman offers a comprehensive API development environment for developers and enterprises.
The platform supports API-first development, automated testing, and developer onboarding.
Postman's subscription model caters to individual developers, small teams, and large enterprises.
Upsides
Postman's acquisition of Orbit enhances community engagement on the API Network.
Release of Postman v11 aligns with AI integration trends, boosting developer productivity.
Gartner predicts 80% of enterprises will use generative AI APIs by 2026.
Related Jobs
RemoteRemoteSenior Security Engineer, Application Security
Trail of BitsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSenior Application Security Engineer (Remote US)
ExpediaSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteSenior Engineer, App Security
HealthieSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteQA Automation Engineer, API / Security
Keeper SecuritySalary not specified
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)
RemoteSenior Cloud & Application Security Engineer
DataminrSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteDevSecOps Engineer
OddballSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteApplication Security Architect
WorkwaveSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteSenior Application Security Engineer
M&T BankSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteApplication Security Engineer (Senior level)
KustomerSalary not specified
- Full Time
- Senior (5 to 8 years)