Senior Security Engineer, Application Security

2 Months ago • All levels • Cyber Security • $200,000 PA - $240,000 PA

Job Summary

Job Description

As a Senior Security Engineer, you will mentor junior engineers, improve security tooling, and conduct training sessions. You will identify and remediate critical vulnerabilities in web applications, services, and cloud infrastructure. Responsibilities include writing and reviewing technical documents, using automated and manual testing to reduce false negatives, improving assessment scopes, and tracking vulnerabilities. You will also define security requirements and create guidelines for secure product development. You will work closely with the team to build systems to protect against vulnerabilities.
Must have:
  • Experience in securing modern web applications and APIs.
  • Conducting threat modeling, security reviews and risk assessments.
  • Project management experience improving security of organizations.
  • Proficiency in one or more high-level programming languages.
  • Experience securing Data to meet various privacy framework requirements.
  • Deep understanding and experience in securing AWS environments.
Perks:
  • Full medical coverage
  • Flexible PTO
  • Wellness reimbursement
  • Monthly lunch stipend
  • Wellness programs
  • Creche allowance
  • Team-building events
  • Donation-matching program

Job Details

Who Are We?

Postman is the world’s leading API platform, used by more than 40 million developers and 500,000 organizations, including 98% of the Fortune 500. Postman is helping developers and professionals across the globe build the API-first world by simplifying each step of the API lifecycle and streamlining collaboration—enabling users to create better APIs, faster.

The company is headquartered in San Francisco and has an office in Bangalore, where it was founded. Postman is privately held, with funding from Battery Ventures, BOND, Coatue, CRV, Insight Partners, and Nexus Venture Partners. Learn more at postman.com or connect with Postman on X via @getpostman.

P.S: We highly recommend reading The "API-First World" graphic novel to understand the bigger picture and our vision at Postman.

What You’ll Do

  • Mentor junior security engineers and security champions on security best practices and techniques.
  • Improve our security tooling and processes.
  • Conduct security talks and training sessions.
  • Identify critical flaws and weaknesses in our web applications, services and our cloud infrastructure then design and implement strategic solutions to remediate them.
  • Write and review technical proposals, architectural diagrams, application code and IaC.
  • Use automated and manual testing techniques to gain a better understanding of the environment and reduce false negatives.
  • Reduce manual security review efforts by improving our tooling and processes.
  • Improve the scope of our assessments by adding new techniques and new categories of vulnerability assessments.
  • Consolidate and track vulnerabilities across our organization and our supply chain to assist in identifying areas to focus our security uplift efforts.
  • Review and define requirements for developing and deploying secure products; create guidelines and standards to meet these requirements.
  • Work closely with the team to build systems that protect against and eradicate entire classes of vulnerabilities.

About You

  • Experience working as a Senior Security Engineer with deep involvement in securing modern web
  • Applications and APIs.
  • Experience conducting threat modeling, security reviews and risk assessments.
  • Solid project management experience leading initiatives that have measurably improved the security of organizations.
  • Proficient in one or more high-level programming languages.
  • Proficient with common developer tools and processes such as Github, CI/CD, containers and orchestration, IaaS/PaaS, APIs, Websockets, Databases, Front-End and Back-End systems.
  • Experience securing Data to meet various privacy framework and regulation requirements.
  • Deep understanding and experience in securing AWS environments.
  • Experience in deploying AppSec tools (e.g., SAST, SCA, WAF etc) throughout the stages of the SDLC to ensure the most relevant vulnerabilities are surfaced and false positives are kept to a minimum.
  • Understanding of web security mechanisms (such as SOP, CORS, CSP, Subresource Integrity, and same-site cookies).
  • Strong understanding of various authentication/authorization protocols e.g. OAuth, SAML and JWT

The reasonably estimated base salary for this role ranges from $200,000 to 240,000, plus a competitive equity package.

What Else?

In addition to Postman's pay-on-performance philosophy, and a flexible schedule working with a fun, collaborative team, Postman offers a comprehensive set of benefits, including full medical coverage, flexible PTO, wellness reimbursement, and a monthly lunch stipend. Along with that, our wellness programs will help you stay in the best of your physical and mental health. If you have little ones in your family, the creche allowance can help in supporting your work-life balance. Our frequent and fascinating team-building events will keep you connected, while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves. 

At Postman, we embrace a hybrid work model. For all roles based out of San Francisco Bay Area, Boston, Bangalore, Noida, Hyderabad, and New York, employees are expected to come into the office 3-days a week. We were thoughtful in our approach which is based on balancing flexibility and collaboration and grounded in feedback from our workforce, leadership team, and peers. The benefits of our hybrid office model will be shared knowledge, brainstorming sessions, communication, and building trust in-person that cannot be replicated via zoom.

Our Values

At Postman, we create with the same curiosity that we see in our users. We value transparency and honest communication about not only successes, but also failures. In our work, we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can.

Equal opportunity

Postman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Postman does not accept unsolicited headhunter and agency resumes. Postman will not pay fees to any third-party agency or company that does not have a signed agreement with Postman.

Similar Jobs

Daybreak - Creative Director

Daybreak

San Diego, California, United States (Hybrid)
2 Months ago
IMC - FPGA Engineer

IMC

Sydney, New South Wales, Australia (On-Site)
2 Months ago
Stepico - Middle Game Designer

Stepico

(Remote)
1 Month ago
Applike - QA Engineer

Applike

Hamburg, Hamburg, Germany (Hybrid)
2 Months ago
Playtika - HR Lead

Playtika

Poland (Hybrid)
8 Months ago
Scopely - Senior Security IAM Engineer

Scopely

Lisbon, Lisbon, Portugal (Hybrid)
3 Months ago
Coupa - IT Security, Risk, and Compliance Auditor

Coupa

Reno, Nevada, United States (Remote)
1 Month ago
Ion - Vulnerability Management Analyst

Ion

London, England, United Kingdom (On-Site)
1 Week ago
endava - Infrastructure Security Operations Engineer

endava

Cluj-Napoca, Cluj County, Romania (On-Site)
1 Month ago
binance - Pioneer Talent Program - Security Operation Engineer (SOC)

binance

Taipei City, Taiwan (Remote)
3 Months ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

Zeeco, Inc. - C&I Engineer - Global Support

Zeeco, Inc.

Mumbai, Maharashtra, India (On-Site)
9 Months ago
HP - Printing Systems Engineer Internship

HP

Sant Cugat Del Vallès, Catalonia, Spain (On-Site)
1 Month ago
clevertap - Senior Backend Engineer

clevertap

Mumbai, Maharashtra, India (Hybrid)
1 Month ago
London stock Exchange - Senior Research Analyst

London stock Exchange

Bengaluru, Karnataka, India (On-Site)
1 Month ago
Luni Studio - User Acquisition Manager

Luni Studio

Paris, Île-de-France, France (Hybrid)
8 Months ago
WPI - Summer Program Lead Counselor

WPI

Worcester, Massachusetts, United States (On-Site)
2 Months ago
Cubic games - Technical UI Designer

Cubic games

Yerevan, Yerevan, Armenia (Remote)
2 Months ago
Immutable - VP of Growth, Performance

Immutable

Sydney, New South Wales, Australia (Hybrid)
2 Months ago
InMobiInMobi - Lead - Growth - 1Weather

InMobiInMobi

Bengaluru, Karnataka, India (On-Site)
3 Months ago
Samsung Semiconductor - Senior Manager, Recruiting

Samsung Semiconductor

San Jose, California, United States (On-Site)
6 Days ago

Get notifed when new similar jobs are uploaded

Jobs in San Francisco, California, United States

Coherent corp. - Sr. Program Manager

Coherent corp.

Warren, New Jersey, United States (On-Site)
1 Month ago
Rolls-Royce - Development Engineer (Project Engineer)

Rolls-Royce

Indianapolis, Indiana, United States (Hybrid)
3 Weeks ago
fable vison studios - Art Intern

fable vison studios

Boston, Massachusetts, United States (On-Site)
8 Years ago
Axon - Deal Enablement Analyst

Axon

Denver, Colorado, United States (Hybrid)
1 Month ago
IGT - Software Quality Assurance Engineer IV

IGT

Las Vegas, Nevada, United States (Hybrid)
1 Month ago
Wolters Kluwer - Firmware Engineer II

Wolters Kluwer

Reno, Nevada, United States (On-Site)
3 Weeks ago
Ethernovia - Senior ASIC (Front-End) Design Engineer

Ethernovia

United States (Remote)
1 Month ago
Riot Games - Staff Software Engineer, Progression - VALORANT

Riot Games

Mercer Island, Washington, United States (On-Site)
1 Month ago
Kavalirio - Cloud Engineer

Kavalirio

Denver, Colorado, United States (On-Site)
3 Weeks ago
Next Level Business Services - Lead Architecture Specialist (LAS)

Next Level Business Services

Midland, Michigan, United States (On-Site)
8 Months ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

Fi - Senior Security Analyst - GRC

Fi

Bengaluru, Karnataka, India (On-Site)
9 Months ago
Techland - Security Analyst

Techland

Wrocław, Lower Silesian Voivodeship, Poland (On-Site)
1 Month ago
Granicus - Senior Security Analyst

Granicus

Bengaluru, Karnataka, India (Hybrid)
8 Months ago
Tesla - EMEA Security Systems Engineer

Tesla

Berlin, Berlin, Germany (On-Site)
4 Months ago
Assystems - Security Analyst / Incident Responder L2/L3

Assystems

Gurugram, Haryana, India (On-Site)
8 Months ago
Barracuda - Associate Account Executive (Cybersecurity, SMB, Mid-Market)

Barracuda

Mumbai, Maharashtra, India (On-Site)
3 Months ago
smarsh - Cloud Platform Engineer – Information Security and Networks

smarsh

Portland, Oregon, United States (Remote)
4 Months ago
Nice - Information Security Engineer

Nice

Southampton, England, United Kingdom (Hybrid)
2 Weeks ago
Reddit - Senior Software Engineer, Security Partner

Reddit

San Francisco, California, United States (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded