Postman

Staff Security Engineer

Reposted 4 Hours Ago

Be an Early Applicant

San Francisco CA USA

Hybrid

250K-275K Annually

Expert/Leader

Software

AI needs context. APIs deliver it.

The Role

As a Staff Security Engineer you will develop and maintain security architecture lead risk assessments evaluate technologies mentor junior engineers and drive security strategy across Postman's products.

Summary Generated by Built In

Who Are We?

Postman is the world’s leading API platform used by more than 45 million+ developers and 500000 organizations including 98% of the Fortune 500. Postman is helping developers and professionals across the globe build the API-first world by simplifying each step of the API lifecycle and streamlining collaboration—enabling users to create better APIs faster.

The company is headquartered in San Francisco and has offices in Boston New York Austin Tokyo London and Bangalore - where Postman was founded. Postman is privately held with funding from Battery Ventures BOND Coatue CRV Insight Partners and Nexus Venture Partners. Learn more at postman.com or connect with Postman on X via @getpostman.

P.S: We highly recommend reading The "API-First World" graphic novel to understand the bigger picture and our vision at Postman.

The Opportunity

As a Staff Security Engineer at Postman you will be responsible for developing maintaining and evolving the security architecture across Postman’s product lines. This role requires a deep understanding of security principles cloud technologies and product security best practices. You will work closely with product teams engineering and DevOps to integrate security into the architecture ensuring robust protection against threats.

What You’ll Do

Security Architecture Design: Collaborate with product teams to maintain a security architecture framework that supports the secure deployment of Postman products and services. This includes in advising GRC / Legal on Security policies.
Threat Modeling & Risk Assessment: Lead threat modelling and risk assessments to identify security vulnerabilities in existing and new systems. Recommend appropriate mitigation strategies.
Technology Review & Evaluation: Evaluate new technologies and architectures from a security perspective ensuring they meet security requirements.
Security Strategy: Contribute to the development of long-term security strategy and roadmaps ensuring alignment with product goals and business objectives.
Incident Response: Work closely with the SOC to understand gaps in product architecture.
Mentorship & Leadership: Mentor and provide guidance to junior security engineers and architects on security architecture principles and best practices.

About You

Experience:
- 10+ years in a security architecture role with a focus on software products and platforms.
- Experience working within fast-paced cloud-native environments.
- Proven experience with securing distributed systems microservices and APIs.
- Demonstrated knowledge of security frameworks industry standards and regulations (EX: ISO 27001 SOC 2 GDPR)
- Hands-on experience with DevSecOps principles and integration of security within CI/CD pipelines.
- In-depth knowledge of cloud security best practices on the following platforms (AWS Azure Google Cloud)
Communication & Leadership:
- Strong ability to communicate complex security concepts to both technical and non-technical stakeholders.
- Experience working cross-functionally with product engineering and operations teams.
- Proven leadership in driving security initiatives and integrating security into product development lifecycles.
Preferred Skills:
- Experience with API security including OAuth JWT and OpenID Connect.
- Knowledge of container security (Docker Kubernetes).
- Familiarity with security automation tools and methodologies (e.g. SAST DAST RASP).
- Technical industry certifications such as OSCP GPEN etc…

The reasonably estimated base salary for this role ranges from $250000 to $275000 plus a competitive equity package. Actual compensation is based on the candidate's skills qualifications and experience.

What Else?

In addition to Postman's pay-on-performance philosophy and a flexible schedule working with a fun collaborative team Postman offers a comprehensive set of benefits including full medical coverage flexible PTO wellness reimbursement and a monthly lunch stipend. Along with that our wellness programs will help you stay in the best of your physical and mental health. Our frequent and fascinating team-building events will keep you connected while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves.

At Postman we value in person collaboration. We are in office 5 days a week for all roles based out of our hubs in San Francisco Bay Area Boston Austin Tokyo and London. For roles based in Bangalore employees currently work in the office three days a week and will transition to five days per week by the end of the year. We were thoughtful in our approach which is based on collaboration and grounded in feedback from our workforce leadership team and peers. The benefits of our in office model will be shared knowledge brainstorming sessions communication and building trust in-person that cannot be replicated via zoom.

Our Values

At Postman we create with the same curiosity that we see in our users. We value transparency and honest communication about not only successes but also failures. In our work we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can.

Equal opportunity

Postman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender perception or identity national origin age marital status protected veteran status or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Postman does not accept unsolicited headhunter and agency resumes. Postman will not pay fees to any third-party agency or company that does not have a signed agreement with Postman.

Top Skills

AWS

Azure

Dast

Docker

GCP

Jwt

Kubernetes

Oauth

Openid Connect

Rasp

Sast

View all jobs at Postman

View Postman Profile

Report Job

Am I A Good Fit?

beta

Get Personalized Job Insights.

Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company

HQ: San Francisco CA

850 Employees

Year Founded: 2014

What We Do

Postman is the world’s leading API platform used by more than 40 million developers and 500000 organizations including 98% of the Fortune 500. Postman is helping developers and professionals across the globe build the API-first world by simplifying each step of the API lifecycle and streamlining collaboration—enabling users to create better APIs faster. The company is headquartered in San Francisco and has an office in Bangalore where it was founded. Postman is privately held with funding from Battery Ventures BOND Coatue CRV Insight Partners and Nexus Venture Partners. Learn more at postman.com or connect with Postman on X via @getpostman.

Why Work With Us

We are a hybrid workplace and diversity-focused company. We hire and retain the best talent from around the globe. We offer a carefully curated blend of world-class benefits so that you can maintain a healthy work-life balance and peace of mind. Your loved ones will thank you for joining us!