Product Security Engineer II

Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love.

Product Security at Toast isn't just about running tools and reporting vulnerabilities – we're the vigilant chefs ensuring the Toast never gets burned. We bake security into every layer of our products, from the first sprinkle of an idea to the final serving of a fully-baked solution. Our team is the secret ingredient that makes Toast's digital recipe both delicious and secure. We collaborate closely with R&D, seasoning the development process with robust security measures that protect the services and applications our customers rely on to run their businesses. 

Like master chefs, we blend cutting-edge technology with strategic thinking, kneading security into the dough of every product we create. By joining our Product Security team, you'll be part of the kitchen crew that keeps our customers' trust from going stale. You'll tackle complex challenges that have real-world impact, helping to serve up a safer, more secure digital experience for businesses that count on Toast every day. It's not just about finding vulnerabilities – it's about crafting a recipe for digital trust that keeps our customers coming back for more.

About this roll* (Responsibilities) 

• Identify, triage, and provide remediation guidance for application vulnerabilities
• Improve developer tooling and adoption to build a more robust SSDLC
• Assist incident response teams with application security expertise and tools
• Think like an attacker to identify weaknesses in application architecture
• Collaborate with developers, using a #OneTeam approach to bake security into our products
• Research emerging security trends and technologies, keeping our defenses cutting-edge
• Contribute to Toast's Security Community of Practice

Do you have the right ingredients*? (Requirements)

• Strong grasp of common web vulnerabilities and how to mitigate them
• Proficiency in at least one programming language (Kotlin, Java, Python, Go, C#, etc.)
• Experience with security tools like static/dynamic analysis scanners and web proxies
• Solid understanding of cloud application architecture, network security, and secure coding practices
• Excellent communication skills - you can explain complex security concepts to both technical and non-technical audiences

Special Sauce* (Nonessential Skills/Nice to Haves)

• A relevant security certification (CISSP, CEH, GWAPT, OSCP)
• Experience with web application firewalls, cloud and container security technologies, and/or SSDLC tooling (e.g. SAST/DAST/SCA)
• Experience with mobile apps/threats (iOS, Android)
• Experience with securing financial technologies

Our Spread* of Total Rewards
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.

*Bread puns encouraged but not required