Senior Security Engineer, Application Security

3 Months ago • All levels • Cyber Security • $200,000 PA - $240,000 PA

Job Summary

Job Description

As a Senior Security Engineer, you will mentor junior engineers, improve security tooling, and conduct training sessions. You will identify and remediate critical vulnerabilities in web applications, services, and cloud infrastructure. Responsibilities include writing and reviewing technical documents, using automated and manual testing to reduce false negatives, improving assessment scopes, and tracking vulnerabilities. You will also define security requirements and create guidelines for secure product development. You will work closely with the team to build systems to protect against vulnerabilities.
Must have:
  • Experience in securing modern web applications and APIs.
  • Conducting threat modeling, security reviews and risk assessments.
  • Project management experience improving security of organizations.
  • Proficiency in one or more high-level programming languages.
  • Experience securing data to meet various privacy framework requirements.
  • Deep understanding and experience in securing AWS environments.
Perks:
  • Full medical coverage
  • Flexible PTO
  • Wellness reimbursement
  • Monthly lunch stipend
  • Wellness programs
  • Creche allowance
  • Team-building events
  • Donation-matching program

Job Details

Who Are We?

Postman is the world’s leading API platform, used by more than 40 million developers and 500,000 organizations, including 98% of the Fortune 500. Postman is helping developers and professionals across the globe build the API-first world by simplifying each step of the API lifecycle and streamlining collaboration—enabling users to create better APIs, faster.

The company is headquartered in San Francisco and has an office in Bangalore, where it was founded. Postman is privately held, with funding from Battery Ventures, BOND, Coatue, CRV, Insight Partners, and Nexus Venture Partners. Learn more at postman.com or connect with Postman on X via @getpostman.

P.S.: We highly recommend reading the "API-First World" graphic novel to understand the bigger picture and our vision at Postman.

What You’ll Do

  • Mentor junior security engineers and security champions on security best practices and techniques.
  • Improve our security tooling and processes.
  • Conduct security talks and training sessions.
  • Identify critical flaws and weaknesses in our web applications, services and cloud infrastructure, then design and implement strategic solutions to remediate them.
  • Write and review technical proposals, architectural diagrams, application code and IaC.
  • Use automated and manual testing techniques to gain a better understanding of the environment and reduce false negatives.
  • Reduce manual security review efforts by improving our tooling and processes.
  • Improve the scope of our assessments by adding new techniques and new categories of vulnerability assessments.
  • Consolidate and track vulnerabilities across our organization and our supply chain to assist in identifying areas to focus our security uplift efforts.
  • Review and define requirements for developing and deploying secure products; create guidelines and standards to meet these requirements.
  • Work closely with the team to build systems that protect against and eradicate entire classes of vulnerabilities.

About You

  • Experience working as a Senior Security Engineer with deep involvement in securing modern web applications and APIs.
  • Experience conducting threat modeling, security reviews and risk assessments.
  • Solid project management experience leading initiatives that have measurably improved the security of organizations.
  • Proficient in one or more high-level programming languages.
  • Proficient with common developer tools and processes such as GitHub, CI/CD, containers and orchestration, IaaS/PaaS, APIs, WebSockets, databases, front-end and back-end systems.
  • Experience securing data to meet various privacy framework and regulation requirements.
  • Deep understanding and experience in securing AWS environments.
  • Experience in deploying AppSec tools (e.g., SAST, SCA, WAF) throughout the stages of the SDLC to ensure the most relevant vulnerabilities are surfaced and false positives are kept to a minimum.
  • Understanding of web security mechanisms (such as SOP, CORS, CSP, Subresource Integrity, and same-site cookies).
  • Strong understanding of various authentication/authorization protocols, e.g., OAuth, SAML and JWT.

The reasonably estimated base salary for this role ranges from $200,000 to $240,000, plus a competitive equity package.

What Else?

In addition to Postman's pay-on-performance philosophy, and a flexible schedule working with a fun, collaborative team, Postman offers a comprehensive set of benefits, including full medical coverage, flexible PTO, wellness reimbursement, and a monthly lunch stipend. Along with that, our wellness programs will help you stay in the best of your physical and mental health. If you have little ones in your family, the creche allowance can help in supporting your work-life balance. Our frequent and fascinating team-building events will keep you connected, while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves. 

At Postman, we embrace a hybrid work model. For all roles based out of San Francisco Bay Area, Boston, Bangalore, Noida, Hyderabad, and New York, employees are expected to come into the office 3 days a week. We were thoughtful in our approach, which is based on balancing flexibility and collaboration and grounded in feedback from our workforce, leadership team, and peers. The benefits of our hybrid office model will be shared knowledge, brainstorming sessions, communication, and building trust in person that cannot be replicated via Zoom.

Our Values

At Postman, we create with the same curiosity that we see in our users. We value transparency and honest communication about not only successes, but also failures. In our work, we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can.

Equal opportunity

Postman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Postman does not accept unsolicited headhunter and agency resumes. Postman will not pay fees to any third-party agency or company that does not have a signed agreement with Postman.
