Information Security Engineer

San Francisco, United States


JavaScript Python AWS

Apply now


Postman leads the way in the API-first universe. Postman’s API Development Environment is used by 8+ million developers and more than 300,000 companies to access 250+ million APIs every month.

We are looking for experienced Information Security Engineers to maintain and strengthen the cloud security perimeter of our organization.

This position reports to our Chief Software Architect or to one of our security engineering managers.


  • Identify design and configuration flaws of our cloud infrastructure that could be exploited by bad actors.
  • Collaborate with service and product engineers to write and review technical proposals, architectural diagrams, cloud formations and general solutions with security context.
  • Be part of incident management and risk mitigation processes of the organization to do root cause analysis, report generation and provide mitigation solutions.
  • Model, enforce and audit compliance parameters and security control frameworks on our cloud infrastructure, services and product assets.
  • Setup defensive perimeter around organization’s operations that can proactively protect against malicious intends.
  • Build and implement strong observability and reporting tools around security compliance control points and help us stay compliant to legal regulations.
  • Be part of running security awareness and training programs for all engineers within the organization.


  • You have 5 to 10 years of experience working in a security-responsible organization that is required to adhere to strict security regulations.
  • Experience working with a lean security team that has an affinity to engineer security solutions to empower and audit the security state of the organization.
  • Strong understanding of SaaS security operations vide prior experience of working in SaaS product company operating at a consumer scale.
  • Strong understanding of security practices of cloud platforms such as AWS and penetration testing skills to establish efficacy of your solutions.
  • Awareness of compliance control points from standards such as SOC, HIPAA. ISO/IEC 27001, etc
  • Strong affinity to build and create automation and reporting solutions using tools and frameworks with no inhibition to hands-on build cloud security solutions.
  • You understand the inner workings of the tools you use in your work and can even operate without heavily leaning on to pre-tooled processes and systems.
  • Familiar with scripting and programming languages such as JavaScript, Python with ability to demonstrate awareness of advanced penetration/exploitation techniques.
  • Knowledge acquired earning a degree Computer Science would be of great value in this position, but if you are smart and have the experience that backs up your abilities, that is of equal value for us.


We offer a competitive salary and excellent benefits, What you will also get to experience is a company that believes in autonomous small teams for maximum impact; that strives for organizational growth to align with that of the individual; that continuously and purposefully builds an inclusive culture where everyone is able to do and be the best version of themselves and where ideas are encouraged from anyone and everyone. We seek people who naturally demonstrate our values, who not only understand the challenge but can also solve this for the rest of the world. Be a part of something big.

Postman is the only complete API development environment used by more than 7 million developers and 300,000 companies worldwide.