Senior Cloud Security Engineer
Remote, Australia
Applications have closed
Who Are We?
Postman is the world’s leading collaboration platform for API development. Our app simplifies each step of the API building process and streamlines collaboration. More than 20 million developers and 500,000 organizations worldwide currently use Postman. We recently raised our Series-D at a $5.6 billion valuation.
Here's a timeline of Postman’s journey in becoming an API Platform.
About the Team.
After our exciting $5.6 billion Series D valuation, we are set to innovate and rapidly scale our Application Security function so that we continue to live up to our responsibility to provide secure services and to promote a secure API and general development culture around the globe. Postman’s Application Security team is made up of other Security Researchers and Software Engineers who are highly security-conscious and who continuously work to improve through regular security-related discussions, planning, and training, while maintaining a general air of security awareness.
The Opportunity.
As a result, Postman is looking for experienced Security Researchers and Security Engineers to join the Application Security team. You would be responsible for maintaining and improving the security of the services provided by Postman.
This position is remote and reports to the Application Security Manager.
What You'll Do.
- Work closely with the team to build systems that protect against and eradicate entire classes of vulnerabilities.
- Use automated and manual testing techniques and methods to gain a better understanding of the environment and reduce false negatives.
- Identify critical flaws and weaknesses in our web applications and cloud infrastructure, then design and implement strategic solutions to remediate them.
- Reduce assessment time by maintaining specifications and tooling. Improve the scope of our assessments by adding new techniques and new categories of vulnerability assessments.
- Review and define requirements for developing and deploying secure products and set guidelines to meet them.
- Consolidate and track vulnerabilities across our organization and our supply chain to help identify where to focus our security uplift efforts.
- Write and review technical proposals, architectural diagrams, application code and CloudFormation.
- Mentor Junior Security Engineers and Security Champions by creating security standards and guidelines, improving security tooling and processes, and conducting talks and training sessions.
About You.
- Led security initiatives from beginning to end to improve the security posture of an organization.
- Experience working as a Senior Security Engineer with deep involvement in securing modern web applications and APIs.
- Proficient with common developer tools and processes such as GitHub, CI/CD, containers and orchestration, IaaS/PaaS, APIs, WebSockets, databases, and front-end and back-end systems.
- Deep understanding and experience in securing AWS environments.
- Proficient in one or more high-level programming languages.
- Experience in deploying AppSec tools (e.g., SAST, SCA, WAF, etc.) throughout the stages of the SDLC to ensure the most relevant vulnerabilities are surfaced and false positives are kept to a minimum.
- Understanding of web security mechanisms (such as SOP, CORS, CSP, Subresource Integrity, and same-site cookies).
- Strong understanding of various authentication/authorization protocols, e.g. OAuth, SAML and JWT.
- Experience conducting threat modeling, security reviews and risk assessments.
What Else?
We offer competitive salary and benefits, and a flexible schedule working with a fun, collaborative team. Enjoy full medical coverage, unlimited PTO, and a monthly lunch stipend. (Yes, seriously. We want you to eat well wherever you’re at.) Plus, our wellness program will help you stay healthy from your location with fitness-related reimbursements. Our frequent and fascinating virtual team-building events will keep you connected, while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves, and we want you to be part of it.
Join us, why dontcha?
Tags: APIs Application security AWS CI/CD Cloud GitHub IaaS PaaS PostMan Risk assessment SAML SAST SDLC Vulnerabilities
Perks/benefits: Competitive pay Flex hours Flex vacation Health care Home office stipend Team events Unlimited paid time off Wellness