Senior Security Engineer, Detection & Response

San Francisco, United States

Apply now Apply later

Who Are We?

Postman is the world's leading collaboration platform for API development. Postman's features simplify each step of building an API & streamline collaboration to help create better APIs—faster. More than 30 million developers & 500,000 organizations worldwide use Postman today, and we continue to strive humbly towards our mission of 100 million connected developers & serving companies as they seek to innovate in an API-first world. Our customers are doing more and more astounding things with the Postman product every day, and as a result, we are growing rapidly.

We highly recommend reading The "API-First World" graphic novel to understand the bigger picture & our vision at Postman.

The Opportunity

We are seeking an experienced Senior Security Engineer, Detection & Response to join our dynamic security team. In this role, you will provide Level 2 support to our managed Security Operations Center (SOC), monitoring and analyzing security alerts and emerging threats across our corporate, cloud and production environments to identify and respond to potential security incidents and critical vulnerabilities.

You’ll work closely with the broader security and IT team and other engineering teams to develop a strong understanding of our ecosystem to enable you to act effectively as an Incident Commander when required, and coordinate incident resolution with cross-functional teams to ensure 24/7 coverage. This understanding will aid you in your threat hunting and forensic investigations to uncover indicators of compromise and patterns of malicious activity, as well as fine-tune and develop additional detection rules, configurations, custom playbooks and automations tailored to our environment in collaboration with our managed SOC.

In the area of vulnerability management, you will monitor security advisories and threat intelligence feeds, and drive proactive actions within the organization. Your collaboration with cross-functional teams will be essential in proactively detecting and responding to security threats and ensuring the overall security of our digital assets.

What You’ll Do:

  • Security Operations Duties:

    • Provide Level 2 support to a managed SOC and support moitoring security alerts and events from various sources, including corporate tools, WAF, security information and event management (SIEM) systems, and AWS to identify potential security incidents, intrusions and vulnerabilities

    • Conduct threat huntingand perform forensic investigations to identify indicators of compromise (IOCs) and patterns of malicious activity.

    • Coordinate and manager incident resolution with cross-functional teams, including acting as Incident Commander during incidents to help provide 24/7 coverage with other team members.

    • Support Cloud Detection & Response platforms to enable various automated notification and containment workflows.

  • Detection Engineering:

    • Fine-tune and develop detection riles, configurations, and automations based on new threats, lessons learned, or environmental changes.

    • Work with the managed SOC to develop custom playbooks. 
    • Where possible, write scripts and develop custom tools to automate the detection and response processes. Adhere to SSDLC best practices when writing scripts or developing tools.

    • Identify any gaps in logging coverage to ensure we maintain the highest visibility into any threats to our environment 

    • Manage Cloudflare security products for web application security, including WAF rules and DDoS protection.

    • Collaborate with cross-functional teams to proactively detect and respond to potential security threats and ensure the overall security of our organization's digital assets.

  • Vulnerability Management:

    • Monitor security advisories, threat intelligence feeds, and vendor updates for critical threats to drive action back into the enterprise/product organization.

About You:

  • Education & Experience:

    • Bachelor’s degree in Computer Science, Information Security, or a related field.

    • Minimum of 5-7 years of experience in a SOC analyst or security operations role.

  • Technical Skills:

    • Proficiency in programming and relevant scripting languages such as Python, JavaScript, Bash, and PowerShell.

    • Experience with AWS security services and best practices.

    • Familiarity with Cloudflare, SentinelOne, Okta, and related security tools.

    • Understanding of network protocols, firewalls, and intrusion detection systems.

  • Soft Skills:

    • Strong analytical and problem-solving abilities.

    • Excellent communication skills, both written and verbal.

    • Ability to work independently and as part of a team.

Preferred Qualifications:

  • Certifications such as CISSP, CEH, and AWS Certified Security Specialty.

  • Experience with infrastructure as code tools (e.g., Terraform).

  • Knowledge of DevSecOps practices and CI/CD pipelines.

  • Familiarity with regulatory compliance standards (e.g., GDPR, ISO 27001).

Our Values

At Postman, we create with the same curiosity that we see in our users. We value transparency & honest communication about not only successes, but also failures. In our work, we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can.

What Else?

If the role is based in the greater San Francisco area, and the we are offering a base range of $180,000 to $212,000 plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience. In addition to our pay-on-performance philosophy, we offer a comprehensive set of benefits, including full medical coverage, flexible PTO, wellness reimbursement, and a monthly lunch stipend. Salaries will vary outside of the listed metropolitan areas & the U.S.

Equal Opportunity

Postman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Postman does not accept unsolicited headhunter and agency resumes. Postman will not pay fees to any third-party agency or company that does not have a signed agreement with Postman.

Apply now Apply later
  • Share this job via
  • 𝕏
  • or
Job stats:  0  0  0

Tags: APIs Application security AWS Bash CEH CI/CD CISSP Cloud Cloudflare Compliance Computer Science DDoS DevSecOps Firewalls GDPR Intrusion detection ISO 27001 JavaScript Monitoring Okta PostMan PowerShell Python Scripting SIEM SOC SSDLC Terraform Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: Competitive pay Equity / stock options Flex vacation Health care Team events Transparency Wellness

Region: North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.