Senior Application Security Engineer
We’re not your traditional tech company and we don’t aim to be. Going against the grain is in our DNA. Building a revolutionary product begins with revolutionary thinking. That’s why we value diversity of background and lived experience. Together, we empower restaurants of all sizes to build great teams, increase revenue, improve operations, and delight their guests. We pair our deep understanding of the restaurant industry with powerful cloud-based software and restaurant-grade hardware to deliver an intuitive all-in-one platform. Join us on our mission to empower the restaurant community to delight guests, do what they love, and thrive.
Are you bready* for a change?
We’re looking for a senior engineer to join our rapidly growing security team. In this role, you’ll help our engineering organization to identify, triage, and remediate security issues. You’ll also work in tandem with our engineering teams to think about and act on security challenges through all phases of software development, and to help us design and build new features to enhance the security of the Toast platform. The Toast security team is working to design and implement new and innovative approaches to application security, and as a senior engineer on the Application Security team, you will have a major impact on the overall direction of application security at Toast. The ideal candidate is someone who can “think like an attacker”, and who is always staying informed about emerging threats so that they know how to spot issues when they see them. We love security innovators who are always thinking about new and interesting solutions to match the industry’s emerging challenges.
About this roll*:
- Identify, triage, and help remediate application vulnerabilities
- Design & build tools to thwart attacks of all shapes and sizes
- Improve developer tooling to build a more robust SSDLC
- Help teams make informed, security-conscious decisions when building new software
- Assist Toast’s Security Operations by bringing visibility to application-layer attacks
- Think like an attacker to identify weaknesses in application architecture during all phases of software development
Do you have the right ingredients*?
- Experience identifying and helping to resolve common application security flaws (e.g. OWASP, SANS)
- Experience reading and reviewing complex code in a variety of languages (Java, JavaScript/ES6, SQL and .NET are a priority)
- Strong understanding of privacy, security, and cryptography patterns and when to apply them (such as PKIs, access management, data tokenization and anonymization)
- Strong understanding of cloud application architecture (especially microservices) & common weaknesses
- Experience with threat modeling and tabletop exercises
- Experience with mobile apps/threats (iOS, Android) is a plus
- Experience with financial technology is a plus
*Bread puns encouraged but not required