Senior Product Security Engineer

Toast

6h•$115,000 - $234,000•Hybrid

About The Position

Toast creates technology to help restaurants and local businesses succeed in a digital world, helping business owners operate, increase sales, engage customers, and keep employees happy. SEAR at Toast focuses on actionable intelligence collection, analysis, and delivery to engineers, and hunting the adversaries who would damage and defraud Toast, its customers, and its partners. The team bakes security into every layer of products, from the first sprinkle of an idea to the final serving of a fully-baked solution, tasked with searching out and degrading the operations of persistent, motivated attackers. By joining SEAR, you'll be part of the kitchen crew that keeps customers' trust from going stale, tackling complex challenges with real-world impact, helping to serve up a safer, more secure digital experience for businesses that count on Toast every day. It's about crafting a recipe for digital trust that keeps customers coming back for more.

Requirements

Minimum 5+ years of experience in application security and security engineering.
Experience building and maintaining scaled Java web services in production.
Experience developing script applications in Python for scheduling and backend data handling.
Experience leveraging LLM AI features for software development and/or security operations.
Strong understanding of cloud application architecture.
Successful history of being a subject matter expert to guide colleagues toward better security outcomes, especially related to abuse, fraud and legal concerns.
Previous security experience working with fintech applications and associated requirements.
Strong understanding of privacy, security, and cryptography patterns and when to apply them, especially when handling customer information (such as PKIs, access management, data tokenization, and anonymization).

Nice To Haves

Offensive security training and certifications (e.g. OSCP, OSWE, OSEP)
Edge Security solution like WAF, API Security
Adversary Emulation proficiency (red/purple teaming)
Cloud and container security technologies
SSDLC tooling (e.g., SAST/DAST/SCA)
Scaled data handling in RDBMS, streaming, and columnar stores
Metrics and charting software proficiency
Mobile apps/threats (iOS, Android), and their particular abuse vectors
Knowledge in security of operating systems, networking and protocols
Securing financial technologies and associated requirements

Responsibilities

Select, implement, design, and build services and tools to manage and deliver security intelligence across Toast platforms.
Identify, triage, and provide remediation guidance for application vulnerabilities, with a specific focus on anti-abuse activities.
Improve developer tooling and adoption to build a more robust SSDLC which integrates security and anti-abuse features.
Practice a #OneTeam attitude to help other Toast teams make informed, security-conscious decisions when building new public-facing software.
Assist incident response teams with application security expertise and tools, especially related to abuse and fraud.
Build threat models on Toast applications and use cases.
Guide in the design and maintenance of robust and resilient network and application architecture.
Collaborate to improve information gathering and sharing across all Toast products.
Leverage cutting edge AI tools to enhance your development workflow, improve velocity, and help pioneer new approaches to building - contributing to a culture of innovation and productivity across the team.

Benefits

Competitive compensation and benefits programs
Total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs
Cash compensation (overtime, bonus/commissions if eligible)
Equity

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume