• Security Architecture Design: Collaborate with product teams to maintain a security architecture framework that supports the secure deployment of Postman products and services. This includes in advising GRC / Legal on Security policies.

• Threat Modeling & Risk Assessment: Lead threat modeling and risk assessment to identify security vulnerabilities in existing and new systems. Recommend appropriate mitigation strategies.

• Technology Review & Evaluation: Evaluate new technologies and architectures from a security perspective, ensuring they meet security requirements.

• Security Strategy: Contribute to the development of long-term security strategy and roadmaps, ensuring alignment with product goals and business objectives.

• Incident Response: Work closely with the SOC to understand gaps in product architecture. 

• Mentorship & Leadership: Mentor and provide guidance to junior security engineers and architects on security architecture principles and best practices.

About You:

Experience:

• 15+ years in a security architecture role with a focus on software products and platforms.
• Experience working within fast-paced, cloud-native environments.
• Proven experience with securing distributed systems, microservices, and APIs.
• Demonstrated knowledge of security frameworks, industry standards, and regulations (EX: ISO 27001, SOC 2, GDPR)
• Hands-on experience with DevSecOps principles and integration of security within CI/CD pipelines.
• In-depth knowledge of cloud security best practices on the following platforms (AWS, Azure, Google Cloud

Communication & Leadership:

• Strong ability to communicate complex security concepts to both technical and non-technical stakeholders.
• Experience working cross-functionally with product, engineering, and operations teams.
• Proven leadership in driving security initiatives and integrating security into product development lifecycles.

Prefered Skills: 

• Experience with API security, including OAuth, JWT, and OpenID Connect.

• Knowledge of container security (Docker, Kubernetes).

• Familiarity with security automation tools and methodologies (e.g., SAST, DAST, RASP).

• Technical industry certifications such as OSCP, GPEN etc.

Our Values

At Postman, we create with the same curiosity that we see in our users. We value transparency & honest communication about not only successes, but also failures. In our work, we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can.

What Else?

If the role is based in the greater San Francisco area, and the we are offering a base salary range of $250,000 to $350,000 plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience. In addition to our pay-on-performance philosophy, we offer a comprehensive set of benefits, including full medical coverage, flexible PTO, wellness reimbursement, and a monthly lunch stipend. Salaries will vary outside of the listed metropolitan areas & the U.S.

Equal Opportunity

Postman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Postman does not accept unsolicited headhunter and agency resumes. Postman will not pay fees to any third-party agency or company that does not have a signed agreement with Postman.