Senior Application Security Engineer
Postman is the world’s leading collaboration platform for API development. Postman's features simplify each step of building an API and streamline collaboration to help create better APIs—faster. More than 20 million developers and 500,000 organizations worldwide use Postman today.
Our customers are doing more and more astounding things with the Postman product every day, and as a result, we are growing rapidly.
About the Team
After our exciting $5.6 Billion Series D Valuation, we are set to innovate and scale our Application Security function rapidly so that we continue to live up to our responsibility to provide secure services and to promote a secure API and general development culture across the globe. Postman’s Application Security team is made up of Security Researchers and Software Engineers who are highly security-conscious and who work continuously to improve through regular security-related discussions, planning, and training, while also maintaining a general air of security awareness.
As a result, Postman is looking for experienced Security Researchers and Security Engineers to join the Application Security team. You would be responsible for maintaining and improving the security of the services provided by Postman.
This position is remote and reports to the Application Security Manager.
What you get to do every day
Mentor Junior Security Engineers and Security Champions by creating security standards and guidelines, improving security tooling and processes and conducting talks and training sessions.
Identify critical flaws and weaknesses in our web applications and cloud infrastructure, then design and implement strategic solutions to remediate them.
Write and review technical proposals, architectural diagrams, application code and CloudFormation.
Reduce assessment time by maintaining specifications and tooling. Improve the scope of our assessments by adding new techniques and new categories of vulnerability assessments.
Use automated and manual testing techniques and methods to gain a better understanding of the environment and reduce false negatives.
Consolidate and track vulnerabilities across our organisation and our supply chain to assist in identifying areas to focus our security uplift efforts.
Review and define requirements for developing and deploying secure products and set guidelines to meet them.
Work closely with the team to build systems that can protect against and eradicate entire classes of vulnerabilities.
What you bring to the role
Experience working as a Senior Security Engineer with deep involvement in securing modern web applications and APIs.
Experience conducting threat modelling, security reviews and risk assessments.
Led security initiatives from beginning to end to improve the security posture of an organisation.
Proficient in one or more high-level programming languages.
Proficient with common developer tools and processes such as GitHub, CI/CD, containers and orchestration, IaaS/PaaS, APIs, WebSockets, Databases, Front-End and Back-End systems.
Deep understanding and experience in securing AWS environments.
Experience in deploying AppSec tools (e.g., SAST, SCA, WAF) throughout the stages of the SDLC to ensure the most relevant vulnerabilities are surfaced and false positives are kept to a minimum.
Understanding of web security mechanisms (such as SOP, CORS, CSP, Subresource Integrity, and same-site cookies).
Strong understanding of various authentication/authorization protocols, e.g. OAuth, SAML and JWT.
We offer competitive salary and benefits, and a flexible schedule working with a fun, collaborative team. Enjoy full medical coverage, unlimited PTO, and a monthly lunch stipend. (Yes, seriously. We want you to eat well wherever you’re at.) Plus, our wellness program will help you stay healthy from your location with fitness-related reimbursements. Our frequent and fascinating virtual team-building events will keep you connected, while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves, and we want you to be part of it. Join us, why dontcha?