Application Security Lead
Accurate Background
Full Time
Expert & Leadership (9+ years)
Candidates should have experience as a Senior Security Engineer with deep involvement in securing modern web applications and APIs. They must also have experience conducting threat modeling, security reviews, and risk assessments, along with solid project management experience leading initiatives that have measurably improved organizational security. Proficiency in one or more high-level programming languages is required, as is proficiency with common developer tools and processes such as GitHub, CI/CD, containers and orchestration, IaaS/PaaS, APIs, WebSockets, databases, and front-end and back-end systems. Experience securing data to meet the requirements of various privacy frameworks and regulations, a deep understanding of and experience in securing AWS environments, and experience deploying AppSec tools (e.g., SAST, SCA, WAF, etc.) throughout the stages of the SDLC are also necessary. A strong understanding of web security mechanisms (such as SOP, CORS, CSP, Subresource Integrity, and same-site cookies) and of various authentication/authorization protocols (e.g., OAuth, SAML, and JWT) is essential.
The Senior Security Engineer will mentor junior Security Engineers and Security Champions on security best practices and techniques. They will improve security tooling and processes, conduct security talks and training sessions, and identify critical flaws and weaknesses in web applications, services, and cloud infrastructure, then design and implement strategic solutions to remediate them. Responsibilities also include writing and reviewing technical proposals, architectural diagrams, application code, and IaC, and using automated and manual testing techniques to understand the environment and reduce false negatives. The role involves reducing manual security review efforts by improving tooling and processes, enhancing the scope of assessments by adding new techniques and vulnerability categories, and consolidating and tracking vulnerabilities across the organization and supply chain. Additionally, they will review and define requirements for developing and deploying secure products, create guidelines and standards to meet these requirements, and work closely with the team to build systems that protect against and eradicate entire classes of vulnerabilities.
API development and collaboration platform
Postman provides a platform for API development that helps developers and organizations design, test, document, and monitor APIs. The tools available on Postman enable teams to collaborate effectively, allowing them to share and manage APIs with ease. Users can access a variety of features through a subscription model, which includes different pricing tiers for individuals, small teams, and large enterprises, along with a free tier to attract new users. Postman has played a significant role in facilitating data exchange during the COVID-19 pandemic by offering API collections that provide real-time data for healthcare professionals, researchers, and government agencies. The company's goal is to streamline the API development process and enhance collaboration among development teams.