Senior Application Security Engineer
Now, more than ever, the Toast team is committed to our customers. We’re taking steps to help restaurants navigate these unprecedented times with technology, resources, and community. Our focus is on building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love. And because our technology is purpose-built for restaurants, by restaurant people, restaurants can trust that we’ll deliver on their needs for today while investing in experiences that will power their restaurant of the future.
Bready for a change?*
Toast is looking for a senior engineer to join our security team. You’ll work in tandem with our engineering teams to think about and act on security challenges throughout all phases of software development, as well as help design and build new features to enhance the security of the Toast platform. You will have a major impact on the overall direction of security at Toast as the team works to design and implement new approaches to application security. We love security innovators who stay informed about emerging threats and are always thinking about new and interesting solutions to match them.
About this roll* (Responsibilities)
- Identify, triage, and help remediate application vulnerabilities
- Design and build tools to thwart attacks of all shapes and sizes
- Improve developer tooling to build a more robust SSDLC
- Help teams make informed, security-conscious decisions when building new software
- Assist incident response teams with application security expertise and tools
- Think like an attacker to identify weaknesses in application architecture
Do you have the right ingredients*? (Requirements)
- Experience identifying and helping to resolve common application security flaws (e.g. OWASP, SANS)
- Experience reading and reviewing complex code in a variety of languages
- Strong understanding of privacy, security, and cryptography patterns and when to apply them (such as PKIs, access management, data tokenization and anonymization)
- Strong understanding of cloud application architecture (especially microservices) and common weaknesses
- Experience with threat modeling and tabletop exercises
Bonus Ingredients*: (Preferred skills)
- Experience with web application firewalls, cloud and container security technologies, and/or SSDLC tooling (e.g. SAST/DAST/SCA)
- Experience with mobile apps/threats (iOS, Android)
- Experience with financial technology
*Bread puns encouraged but not required
More on our tech stack:
Toast’s products run on a stack that ranges from guest and restaurant-facing Android tablets to backend services in Java, Kotlin, and C# to internal, guest-facing and restaurant-facing web apps. We use AWS extensively, ranging from S3 to RDS to Lambda and everything in-between. We have our own platform for dealing with user management, service elevations and robust load balancing. Toast stores data in a set of sharded Postgres databases and utilizes Apache Spark for large scale data workloads including query and batch processing. The main Toast POS application is a native Android application written in Java and Kotlin.