Senior Security Operations Engineer
Now, more than ever, the Toast team is committed to our customers. We’re taking steps to help restaurants navigate these unprecedented times with technology, resources, and community. Our focus is on building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love. And because our technology is purpose-built for restaurants, by restaurant people, restaurants can trust that we’ll deliver on their needs for today while investing in experiences that will power their restaurant of the future.
Bready for a change?*
Toast is looking for a senior engineer to join our security team. You’ll work in tandem with our engineering teams to think about and act on security challenges throughout all phases of software development, as well as help design and build new features to enhance the security of the Toast platform. You will have a major impact on the overall direction of security at Toast as the team works to design and implement new approaches to application security. We love security innovators who stay informed about emerging threats and are always thinking about new and interesting solutions to match them.
About this roll* (Responsibilities)
- Lead the response to security issues raised by the rest of the company, escalating as necessary
- Create tools and processes to monitor, detect, and mitigate discovered risks
- Work with fellow security team members to influence the company to help architect positive security changes
- Identify anomalies generated by monitoring solutions within the environment
- Create signatures and tools to analyze and detect malicious activity within AWS and corporate environments
- Leverage an EDR solution to respond to suspicious/malicious activity and continuously baseline the solution
- Lead or contribute to threat hunting efforts
- Leverage programming languages to solve problems and automate solutions to security findings
- Foster a security mindset with our development teams by working with security champions
Do you have the right ingredients*? (Requirements)
- Experience with programming or scripting languages
- Experience leveraging programming languages to solve problems and automate solutions
- Strong understanding of Amazon Web Services (AWS) cloud application architecture and security best practices
- Familiarity with penetration testing tools
- Understanding of Red team/Blue team activities
- Experience with threat modeling/incident response and tabletop exercises
- Experience with Splunk as a centralized logging service and SIEM
Bonus ingredients*: (Preferred skills)
- Familiarity with mobile application threats (iOS, Android)
- Familiarity with containerization and orchestration technologies (Docker highly preferred)
- Experience leading threat hunting efforts. Bonus points if you can apply this to AWS
- Familiarity with the MITRE ATT&CK Framework
*Bread puns appreciated but not required.