Staff Security Engineer - San Francisco

Postmanaut using robotics to design A P I. Illustration.

Who Are We?

Postman is the world's leading collaboration platform for API development. Postman's features simplify each step of building an API & streamline collaboration to help create better APIs—faster. More than 35 million developers & 500,000 organizations worldwide use Postman today, and we continue to strive humbly towards our mission of 100 million connected developers & serving companies as they seek to innovate in an API-first world. Our customers are doing more and more astounding things with the Postman product every day, and as a result, we are growing rapidly.

We highly recommend reading The "API-First World" graphic novel to understand the bigger picture & our vision at Postman.

The Opportunity

As a Staff Security Engineer at Postman, you will be responsible for developing, maintaining, and evolving the security architecture across Postman’s product lines. This role requires a deep understanding of security principles, cloud technologies, and product security best practices. You will work closely with product teams, engineering, and DevOps to integrate security into the architecture, ensuring robust protection against threats.

What You’ll Do:

  • Security Architecture Design: Collaborate with product teams to maintain a security architecture framework that supports the secure deployment of Postman products and services. This includes in advising GRC / Legal on Security policies.
  • Threat Modeling & Risk Assessment: Lead threat modeling and risk assessment to identify security vulnerabilities in existing and new systems. Recommend appropriate mitigation strategies.
  • Technology Review & Evaluation: Evaluate new technologies and architectures from a security perspective, ensuring they meet security requirements.
  • Security Strategy: Contribute to the development of long-term security strategy and roadmaps, ensuring alignment with product goals and business objectives.
  • Incident Response: Work closely with the SOC to understand gaps in product architecture. 
  • Mentorship & Leadership: Mentor and provide guidance to junior security engineers and architects on security architecture principles and best practices.

About You:

Experience:

  • 15+ years in a security architecture role with a focus on software products and platforms.
  • Experience working within fast-paced, cloud-native environments.
  • Proven experience with securing distributed systems, microservices, and APIs.
  • Demonstrated knowledge of security frameworks, industry standards, and regulations (EX: ISO 27001, SOC 2, GDPR)
  • Hands-on experience with DevSecOps principles and integration of security within CI/CD pipelines.
  • In-depth knowledge of cloud security best practices on the following platforms (AWS, Azure, Google Cloud

Communication & Leadership:

  • Strong ability to communicate complex security concepts to both technical and non-technical stakeholders.
  • Experience working cross-functionally with product, engineering, and operations teams.
  • Proven leadership in driving security initiatives and integrating security into product development lifecycles.

Preferred Skills: 

  • Experience with API security, including OAuth, JWT, and OpenID Connect.
  • Knowledge of container security (Docker, Kubernetes).
  • Familiarity with security automation tools and methodologies (e.g., SAST, DAST, RASP).
  • Technical industry certifications such as OSCP, GPEN etc.

Our Values

At Postman, we create with the same curiosity that we see in our users. We value transparency & honest communication about not only successes, but also failures. In our work, we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can.

What Else?

If the role is based in the greater San Francisco area, and the we are offering a base salary range of $250,000 to $300,000 plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience. In addition to our pay-on-performance philosophy, we offer a comprehensive set of benefits, including full medical coverage, flexible PTO, wellness reimbursement, and a monthly lunch stipend. Salaries will vary outside of the listed metropolitan areas & the U.S.

Equal Opportunity

Postman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Postman does not accept unsolicited headhunter and agency resumes. Postman will not pay fees to any third-party agency or company that does not have a signed agreement with Postman.

Apply Now

2024 State of the API report is here!

Discover key API trends from 5,600+ devs and API professionals in Postman's annual report.