Staff Security Engineer

Who Are We?

Postman is the world's leading collaboration platform for API development. Postman's features simplify each step of building an API & streamline collaboration to help create better APIs—faster. More than 30 million developers & 500,000 organizations worldwide use Postman today, and we continue to strive humbly towards our mission of 100 million connected developers & serving companies as they seek to innovate in an API-first world. Our customers are doing more and more astounding things with the Postman product every day, and as a result, we are growing rapidly.

We highly recommend reading The "API-First World" graphic novel to understand the bigger picture & our vision at Postman.

The Opportunity

As a Staff Security Engineer at Postman, you will be responsible for developing, maintaining, and evolving the security architecture across Postman’s product lines. This role requires a deep understanding of security principles, cloud technologies, and product security best practices. You will work closely with product teams, engineering, and DevOps to integrate security into the architecture, ensuring robust protection against threats.

What You’ll Do:

• Security Architecture Design : Collaborate with product teams to maintain a security architecture framework that supports the secure deployment of Postman products and services. This includes in advising GRC / Legal on Security policies.

• Threat Modeling & Risk Assessment : Lead threat modeling and risk assessment to identify security vulnerabilities in existing and new systems. Recommend appropriate mitigation strategies.

• Technology Review & Evaluation : Evaluate new technologies and architectures from a security perspective, ensuring they meet security requirements.

• Security Strategy : Contribute to the development of long-term security strategy and roadmaps, ensuring alignment with product goals and business objectives.

• Incident Response : Work closely with the SOC to understand gaps in product architecture.

• Mentorship & Leadership : Mentor and provide guidance to junior security engineers and architects on security architecture principles and best practices.

About You:

Experience :

• 15+ years in a security architecture role with a focus on software products and platforms.
• Experience working within fast-paced, cloud-native environments.
• Proven experience with securing distributed systems, microservices, and APIs.
• Demonstrated knowledge of security frameworks, industry standards, and regulations (EX: ISO 27001, SOC 2, GDPR)
• Hands-on experience with DevSecOps principles and integration of security within CI/CD pipelines.
• In-depth knowledge of cloud security best practices on the following platforms (AWS, Azure, Google Cloud

Communication & Leadership :

• Strong ability to communicate complex security concepts to both technical and non-technical stakeholders.
• Experience working cross-functionally with product, engineering, and operations teams.
• Proven leadership in driving security initiatives and integrating security into product development lifecycles.

Preferred Skills:

• Experience with API security, including OAuth, JWT, and OpenID Connect.

• Knowledge of container security (Docker, Kubernetes).

• Familiarity with security automation tools and methodologies (e.g., SAST, DAST, RASP).

• Technical industry certifications such as OSCP, GPEN etc.

Our Values

At Postman, we create with the same curiosity that we see in our users. We value transparency & honest communication about not only successes, but also failures. In our work, we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can.

What Else?

If the role is based in the greater San Francisco area, and the we are offering a base salary range of $250,000 to $350,000 plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience. In addition to our pay-on-performance philosophy, we offer a comprehensive set of benefits, including full medical coverage, flexible PTO, wellness reimbursement, and a monthly lunch stipend. Salaries will vary outside of the listed metropolitan areas & the U.S.

Equal Opportunity

Postman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Postman does not accept unsolicited headhunter and agency resumes. Postman will not pay fees to any third-party agency or company that does not have a signed agreement with Postman.

Apply Now{"@context":"http://schema.org","@type":"JobPosting","datePosted":"2024-10-25","description":"Who Are We?\nPostman is the world's leading collaboration platform for API development. Postman's features simplify each step of building an API & streamline collaboration to help create better APIs—faster. More than 30 million developers & 500,000 organizations worldwide use Postman today, and we continue to strive humbly towards our mission of 100 million connected developers & serving companies as they seek to innovate in an API-first world. Our customers are doing more and more astounding things with the Postman product every day, and as a result, we are growing rapidly.\nWe highly recommend reading The "API-First World" graphic novel to understand the bigger picture & our vision at Postman.\nThe Opportunity\nAs a Staff Security Engineer at Postman, you will be responsible for developing, maintaining, and evolving the security architecture across Postman’s product lines. This role requires a deep understanding of security principles, cloud technologies, and product security best practices. You will work closely with product teams, engineering, and DevOps to integrate security into the architecture, ensuring robust protection against threats.\nWhat You’ll Do:\n\n\n\nSecurity Architecture Design: Collaborate with product teams to maintain a security architecture framework that supports the secure deployment of Postman products and services. This includes in advising GRC / Legal on Security policies.\n\n\nThreat Modeling & Risk Assessment: Lead threat modeling and risk assessment to identify security vulnerabilities in existing and new systems. Recommend appropriate mitigation strategies.\n\n\nTechnology Review & Evaluation: Evaluate new technologies and architectures from a security perspective, ensuring they meet security requirements.\n\n\nSecurity Strategy: Contribute to the development of long-term security strategy and roadmaps, ensuring alignment with product goals and business objectives.\n\n\nIncident Response: Work closely with the SOC to understand gaps in product architecture. \n\n\nMentorship & Leadership: Mentor and provide guidance to junior security engineers and architects on security architecture principles and best practices.\n\n\nAbout You:\nExperience:\n\n15+ years in a security architecture role with a focus on software products and platforms.\nExperience working within fast-paced, cloud-native environments.\nProven experience with securing distributed systems, microservices, and APIs.\nDemonstrated knowledge of security frameworks, industry standards, and regulations (EX: ISO 27001, SOC 2, GDPR)\nHands-on experience with DevSecOps principles and integration of security within CI/CD pipelines.\nIn-depth knowledge of cloud security best practices on the following platforms (AWS, Azure, Google Cloud\n\nCommunication & Leadership:\n\nStrong ability to communicate complex security concepts to both technical and non-technical stakeholders.\nExperience working cross-functionally with product, engineering, and operations teams.\nProven leadership in driving security initiatives and integrating security into product development lifecycles.\n\nPreferred Skills: \n\n\nExperience with API security, including OAuth, JWT, and OpenID Connect.\n\n\nKnowledge of container security (Docker, Kubernetes).\n\n\nFamiliarity with security automation tools and methodologies (e.g., SAST, DAST, RASP).\n\n\nTechnical industry certifications such as OSCP, GPEN etc.\n\n\nOur Values\nAt Postman, we create with the same curiosity that we see in our users. We value transparency & honest communication about not only successes, but also failures. In our work, we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can.\nWhat Else?\nIf the role is based in the greater San Francisco area, and the we are offering a base salary range of $250,000 to $350,000 plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience. In addition to our pay-on-performance philosophy, we offer a comprehensive set of benefits, including full medical coverage, flexible PTO, wellness reimbursement, and a monthly lunch stipend. Salaries will vary outside of the listed metropolitan areas & the U.S.\nEqual Opportunity\nPostman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Postman does not accept unsolicited headhunter and agency resumes. Postman will not pay fees to any third-party agency or company that does not have a signed agreement with Postman.\n","title":"Staff Security Engineer - San Francisco","validThrough":"2024-11-24","employmentType":"FULL_TIME","image":"https://assets.getpostman.com/common-share/postman-platform-for-api-development-social-card.jpg","hiringOrganization":{"@type":"Organization","name":"Postman","sameAs":"https://www.postman.com","logo":"https://assets.getpostman.com/common-share/postman-platform-for-api-development-social-card.jpg"},"baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","value":"competitive","unitText":"SALARY"}},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","streetAddress":"201 Mission Street, Suite 2375","addressLocality":"San Francisco","addressRegion":"CA","postalCode":"94105","addressCountry":"US"}}}