
Postman · 12 hours ago

Staff Security Engineer

Postman is the world’s leading API platform, used by over 45 million developers and 500,000 organizations. As a Staff Security Engineer, you will be responsible for developing and maintaining the security architecture across Postman’s product lines, ensuring robust protection against threats and mentoring junior engineers.
Developer APIs · Developer Tools · Enterprise Software · SaaS
H1B Sponsor Likely

Responsibilities

Security Architecture Design: Collaborate with product teams to maintain a security architecture framework that supports the secure deployment of Postman products and services. This includes advising GRC / Legal on security policies
Threat Modeling & Risk Assessment: Lead threat modelling and risk assessments to identify security vulnerabilities in existing and new systems. Recommend appropriate mitigation strategies
Technology Review & Evaluation: Evaluate new technologies and architectures from a security perspective, ensuring they meet security requirements
Security Strategy: Contribute to the development of long-term security strategy and roadmaps, ensuring alignment with product goals and business objectives
Incident Response: Work closely with the SOC to understand gaps in product architecture
Mentorship & Leadership: Mentor and provide guidance to junior security engineers and architects on security architecture principles and best practices

Qualification

Security Architecture Design, Threat Modeling, Cloud Security, DevSecOps, API Security, Container Security, Security Frameworks, Technical Certifications, Communication Skills, Leadership Skills, Mentorship

Required

10+ years in a security architecture role with a focus on software products and platforms
Experience working within fast-paced, cloud-native environments
Proven experience with securing distributed systems, microservices, and APIs
Demonstrated knowledge of security frameworks, industry standards, and regulations (e.g., ISO 27001, SOC 2, GDPR)
Hands-on experience with DevSecOps principles and integration of security within CI/CD pipelines
In-depth knowledge of cloud security best practices on the following platforms (AWS, Azure, Google Cloud)
Strong ability to communicate complex security concepts to both technical and non-technical stakeholders
Experience working cross-functionally with product, engineering, and operations teams
Proven leadership in driving security initiatives and integrating security into product development lifecycles

Preferred

Experience with API security, including OAuth, JWT, and OpenID Connect
Knowledge of container security (Docker, Kubernetes)
Familiarity with security automation tools and methodologies (e.g., SAST, DAST, RASP)
Technical industry certifications such as OSCP, GPEN, etc.

Benefits

Full medical coverage
Flexible PTO
Wellness reimbursement
Monthly lunch stipend
Wellness programs
Frequent and fascinating team-building events
Donation-matching program

Company

Postman is a software company that offers a platform for users to design, develop, test, and organize custom APIs.

H1B Sponsorship

Postman has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (22)
2024 (6)
2023 (4)
2022 (5)
2021 (2)
2020 (1)

Funding

Current Stage: Late Stage
Total Funding: $433M
Key Investors: Insight Partners, CRV, Nexus Venture Partners
2021-08-18 · Series D · $225M
2020-06-11 · Series C · $150M
2019-06-19 · Series B · $50M

Leadership Team

Abhinav Asthana, Founder and CEO
Abhijit Kane, Co-Founder
Company data provided by Crunchbase