Job Description :

Postman is looking for experienced Security Researchers and Security Engineer who would be responsible for maintaining and improving the security of the services provided by Postman.

Your team :

You would be working within the Platform team of Postman, which comprises of other Security Researchers, Software Engineers and Data Engineers. This position is based out of Bangalore and reports to the Engineering Manager.

As a part of this role, you would be doing the following:

• Identify critical flaws in our web applications and cloud infrastructure that could be exploited.
• Collaborate with peers to write and review technical proposals, architectural diagrams, application code and cloud formation.
• Reduce assessment time by maintaining specifications and tooling. Improve the scope of our assessments by adding new techniques and new categories of vulnerability assessments.
• Educate the organization to pre-emptively develop secure services and to prevent security regressions by organizing talks and preparing written articles.
• Use manual testing techniques and methods to gain a better understanding of the environment and reduce false negatives.
• Compile and track vulnerabilities over time for metrics purposes within the organization, along with vulnerabilities on all technologies we use and technologies provided to us by our SaaS vendors.
• Review and define requirements for information security solutions in the context of our products and set guidelines to meet them.
• Work closely with the team to build systems that can eliminate and protect against and eradicate entire classes of vulnerabilities.

Requirements :

• Experience working as a Security Engineer or working as a Software Engineer with deep involvement in securing web applications.
• Ability to understand complicated information-flows along with the ability to use one or more high-level programming language.
• Understanding of web technologies such as Browsers, JavaScript, APIs, Websockets, Databases, Front-End and Back-End systems.
• Understanding of web security mechanisms (such as SOP, CORS, CSP, Subresource Integrity, and same-site cookies)
• Awareness of applications implementing OAuth, SAML and JWT authentication.

About Us:

• Postman is the world’s leading collaboration platform for API development.
• Postman’s features simplify each step of building an API and streamline collaboration to help create better APIs—faster.
• More than 10 million developers and 500,000 organizations worldwide use Postman today.
• Our customers are doing more and more astounding things with the Postman product every day, and as a result, we are growing rapidly.