Posted in

Senior Security Engineer – Application Security

Senior Security Engineer – Application Security

CompanyPostman
LocationSan Francisco, CA, USA
Salary$200000 – $240000
TypeFull-Time
Degrees
Experience LevelSenior

Requirements

  • Experience working as a Senior Security Engineer with deep involvement in securing modern web applications and APIs.
  • Experience conducting threat modeling, security reviews and risk assessments.
  • Solid project management experience leading initiatives that have measurably improved the security of organizations.
  • Proficient in one or more high-level programming languages.
  • Proficient with common developer tools and processes such as Github, CI/CD, containers and orchestration, IaaS/PaaS, APIs, Websockets, Databases, Front-End and Back-End systems.
  • Experience securing Data to meet various privacy framework and regulation requirements.
  • Deep understanding and experience in securing AWS environments.
  • Experience in deploying AppSec tools (e.g., SAST, SCA, WAF etc) throughout the stages of the SDLC to ensure the most relevant vulnerabilities are surfaced and false positives are kept to a minimum.
  • Understanding of web security mechanisms (such as SOP, CORS, CSP, Subresource Integrity, and same-site cookies).
  • Strong understanding of various authentication/authorization protocols e.g. OAuth, SAML and JWT.

Responsibilities

  • Mentor junior security engineers and security champions on security best practices and techniques.
  • Improve our security tooling and processes.
  • Conduct security talks and training sessions.
  • Identify critical flaws and weaknesses in our web applications, services and our cloud infrastructure then design and implement strategic solutions to remediate them.
  • Write and review technical proposals, architectural diagrams, application code and IaC.
  • Use automated and manual testing techniques to gain a better understanding of the environment and reduce false negatives.
  • Reduce manual security review efforts by improving our tooling and processes.
  • Improve the scope of our assessments by adding new techniques and new categories of vulnerability assessments.
  • Consolidate and track vulnerabilities across our organization and our supply chain to assist in identifying areas to focus our security uplift efforts.
  • Review and define requirements for developing and deploying secure products; create guidelines and standards to meet these requirements.
  • Work closely with the team to build systems that protect against and eradicate entire classes of vulnerabilities.

Preferred Qualifications

    No preferred qualifications provided.