Principal Offensive Security Engineer
Postman
Who Are We?
Postman is the world’s leading API platform, used by more than 45 million developers and 500,000 organizations, including 98% of the Fortune 500. Postman is helping developers and professionals across the globe build the API-first world by simplifying each step of the API lifecycle and streamlining collaboration—enabling users to create better APIs, faster.
The company is headquartered in San Francisco and has offices in Boston, New York, Austin, Tokyo, London, and Bangalore - where Postman was founded. Postman is privately held, with funding from Battery Ventures, BOND, Coatue, CRV, Insight Partners, and Nexus Venture Partners. Learn more at postman.com or connect with Postman on X via @getpostman.
P.S. We highly recommend reading The "API-First World" graphic novel to understand the bigger picture and our vision at Postman.
About the Team
The Information Security organization at Postman operates across three pillars: Governance Risk & Compliance (GRC), Product Security, and Security Operations. We are a team of builders, not checkbox-checkers. We hold active SOC 2 Type II, ISO 27001, ISO 42001, and HIPAA compliance postures, and we are pursuing FedRAMP High and CMMC Level 2 authorization. Our security stack includes Wiz, SentinelOne, Okta, Jamf, and 1Password, and we operate across a multi-cloud environment.
The Offensive Security team is the "red" pulse of this organization. We don't just find bugs — we simulate the adversary to ensure our defenses hold up under real-world pressure. We focus on continuous security validation, AI-augmented adversary emulation, and offensive AI security research at Postman's scale.
The Opportunity
We are looking for a Principal Offensive Security Engineer who is as much a strategist as they are a hacker. You will own the strategic direction of Postman's offensive security program — including building out a dedicated Offensive AI Security capability from the ground up — and operate as a key partner to CISO leadership on threat-informed defense strategy.
This is not a role where you inherit a mature program and keep the lights on. You will shape what offensive security looks like at Postman for the next three years, with a specific mandate to make us an industry leader in adversarial testing of AI systems, agentic workflows, and LLM integrations.
You will lead a team that doesn't just "report" vulnerabiliti
Listed via
Greenhouse