Postman - Senior Offensive Security Manager

• AI/ML Offensive Depth: Demonstrated experience attacking AI/ML systems — whether through adversarial ML research, LLM red teaming, agentic system exploitation, or building offensive tooling for AI targets. You understand the difference between prompt injection and indirect prompt injection, know what a tool-use confusion attack looks like, and can articulate why RAG poisoning is a supply chain problem. • AI/ML Offensive Depth: • Strategic Acumen: Demonstrated ability to build and scale an offensive security program from the ground up or significantly mature an existing one. Experience setting OKRs, managing budgets, and presenting to executive leadership. • Strategic Acumen: • Adversarial Mindset: Deep understanding of the modern threat landscape and how to apply it to cloud-native, API-first environments — extended to AI-native architectures. • Adversarial Mindset: • AI Offensive Tooling Fluency: Hands-on experience with AI-augmented pentesting tools (e.g., PentestGPT, Horizon3, custom LLM-based fuzzing) and purpose-built AI red team frameworks (e.g., Microsoft PyRIT, Garak, custom harnesses). Understanding of how to manage non-deterministic AI outputs in both offensive tooling and target systems. • AI Offensive Tooling Fluency: • Pragmatic Storytelling: You believe that a well-executed exploit demo is more effective than a 50-page PDF. You can present a complex exploit chain — including an AI-specific attack path — to a room of developers in a way that is inspiring, not condescending. • Pragmatic Storytelling: • Engineering Fluency: You prefer building an automated "exploit-as-code" validator over performing the same manual test twice. You can architect evaluation harnesses and adversarial test suites for ML models. • Engineering Fluency: • Preferred • Industry Presence: Track record of contributions to the offensive security or AI security community — conference talks (DEF CON, Black Hat, BSides, RSA), tool releases, published research, CVEs, or active participation in OWASP, MITRE, or similar working groups. • Industry Presence: • Certifications: OSCP, OSCE, OSEP, GXPN, GPEN, CRTP, or equivalent hands-on offensive certifications. AI/ML-specific credentials (e.g., GIAC GMAI) are a differentiator. • Certifications: • Cloud Security Expertise: Deep familiarity with AWS security primitives, cloud-native attack paths, and container/Kubernetes exploitation. • Cloud Security Expertise: • API Security Depth: Experience with API-specific attack methodologies — BOLA, BFLA, mass assignment, GraphQL abuse, gRPC exploitation — reflecting Postman's core product domain. • API Security Depth: • Compliance Awareness: Familiarity with how offensive security outputs map to SOC 2 Type II, ISO 27001, ISO 42001, FedRAMP, or CMMC control evidence. You don't run GRC, but you know how to feed it. • Compliance Awareness: • The reasonably estimated base salary for this role ranges from $275,000 to $300,000, plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience. • What Else? • What Else? • In addition to Postman's pay-on-performance philosophy, and a flexible schedule working with a fun, collaborative team, Postman offers a comprehensive set of benefits, including full medical coverage, flexible PTO, wellness reimbursement, and a monthly lunch stipend. Along with that, our wellness programs will help you stay in the best of your physical and mental health. Our frequent and fascinating team-building events will keep you connected, while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves. • At Postman we value in person collaboration. We are in office 5 days a week for all roles based out of our hubs in San Francisco Bay Area, Boston, Austin, Tokyo and London. For roles based in Bangalore, employees currently work in the office three days a week and will transition to five days per week by the end of the year. We were thoughtful in our approach which is based on collaboration and grounded in feedback from our workforce, leadership team, and peers. The benefits of our in office model will be shared knowledge, brainstorming sessions, communication, and building trust in-person that cannot be replicated via zoom. • Our Values • Our Values • At Postman, we create with the same curiosity that we see in our users. We value transparency and honest communication about not only successes, but also failures. In our work, we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can. • Equal opportunity • Equal opportunity