Staff Security Engineer

$250,000 - $350,000/Yr

Postman (Api Tools) - San Francisco, CA

posted 3 days ago

Full-time - Senior
San Francisco, CA
10,001+ employees
Performing Arts, Spectator Sports, and Related Industries

About the position

As a Staff Security Engineer at Postman, you will be responsible for developing, maintaining, and evolving the security architecture across Postman's product lines. This role requires a deep understanding of security principles, cloud technologies, and product security best practices. You will work closely with product teams, engineering, and DevOps to integrate security into the architecture, ensuring robust protection against threats.

Responsibilities

  • Collaborate with product teams to maintain a security architecture framework that supports the secure deployment of Postman products and services.
  • Lead threat modeling and risk assessment to identify security vulnerabilities in existing and new systems and recommend appropriate mitigation strategies.
  • Evaluate new technologies and architectures from a security perspective, ensuring they meet security requirements.
  • Contribute to the development of long-term security strategy and roadmaps, ensuring alignment with product goals and business objectives.
  • Work closely with the SOC to understand gaps in product architecture.
  • Mentor and provide guidance to junior security engineers and architects on security architecture principles and best practices.

Requirements

  • 15+ years in a security architecture role with a focus on software products and platforms.
  • Experience working within fast-paced, cloud-native environments.
  • Proven experience with securing distributed systems, microservices, and APIs.
  • Demonstrated knowledge of security frameworks, industry standards, and regulations (EX: ISO 27001, SOC 2, GDPR).
  • Hands-on experience with DevSecOps principles and integration of security within CI/CD pipelines.
  • In-depth knowledge of cloud security best practices on platforms such as AWS, Azure, and Google Cloud.

Nice-to-haves

  • Experience with API security, including OAuth, JWT, and OpenID Connect.
  • Knowledge of container security (Docker, Kubernetes).
  • Familiarity with security automation tools and methodologies (e.g., SAST, DAST, RASP).
  • Technical industry certifications such as OSCP, GPEN.

Benefits

  • Full medical coverage
  • Flexible PTO
  • Wellness reimbursement
  • Monthly lunch stipend

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service