Senior Application Security Engineer, Employee Cloud at Toast
Now, more than ever, the Toast team is committed to our customers. We’re taking steps to help restaurants navigate these unprecedented times with technology, resources, and community. Our focus is on building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love. And because our technology is purpose-built for restaurants, by restaurant people, restaurants can trust that we’ll deliver on their needs for today while investing in experiences that will power their restaurant of the future.
Bready for a change?*
Toast is looking for a senior security engineer to design and drive new security initiatives in our Employee Cloud product. You’ll work in tandem with Employee Cloud engineering teams to identify, think about and act on security challenges throughout all phases of software development, as well as help design and build new features to enhance the security of the Toast platform. You will have a major impact on the overall direction of security at Toast, and in this role you will be able to bring & apply your AppSec vision to Employee Cloud. We love security innovators who stay informed about emerging threats and are always thinking about new and interesting solutions to match them.
About this roll*:
- Identify, triage, and help remediate application vulnerabilities
- Design and implement new processes for AppSec in Employee Cloud
- Design and build tools to thwart attacks of all shapes and sizes
- Improve developer tooling to build a more robust SSDLC
- Help teams make informed, security-conscious decisions when building new software
- Assist incident response teams with application security expertise and tools
- Think like an attacker to identify weaknesses in application architecture
Do you have the right ingredients*? (Required skills)
- Experience identifying and helping to resolve common application security flaws (e.g. OWASP, SANS)
- Strong understanding of privacy, security, and cryptography patterns and when to apply them (such as PKIs, access management, data tokenization and anonymization)
- Strong understanding of cloud application architecture and common weaknesses
- Experience with threat modeling and tabletop exercises
- Experience in a Windows/.NET environment (e.g. VB.NET, C#)
- Experience with AWS
- Experience with MySQL
Bonus Ingredients*: (Preferred skills)
- Experience with web application firewalls, cloud and container security technologies, and/or SSDLC tooling (e.g. SAST/DAST/SCA)
- Experience with mobile apps/threats (iOS, Android)
- Experience with financial technology
*Bread puns appreciated but not required.
More on our tech stack:
Toast’s products run on a stack that ranges from guest and restaurant-facing Android tablets to backend services in Java, Kotlin, and C# to internal, guest-facing and restaurant-facing web apps. We use AWS extensively, ranging from S3 to RDS to Lambda and everything in-between. We have our own platform for dealing with user management, service elevations and robust load balancing. Toast stores data in a set of sharded Postgres databases and utilizes Apache Spark for large scale data workloads including query and batch processing. The main Toast POS application is a native Android application written in Java and Kotlin.