Senior Product Security Engineer

Senior Product Security Engineer Toast is driven by building the restaurant platform that helps restaurants adapt take control and get back to what they do best building the businesses they love Product Security at Toast isn t just about running tools and reporting vulnerabilities - we re the vigilant chefs ensuring the Toast never gets burned We bake security into every layer of our products from the first sprinkle of an idea to the final serving of a fully-baked solution Our team is the secret ingredient that makes Toast s digital recipe both delicious and secure We collaborate closely with R D seasoning the development process with robust security measures that protect the services and applications our customers rely on to run their businesses Like master chefs we blend cutting-edge technology with strategic thinking kneading security into the dough of every product we create By joining our Product Security team you ll be part of the kitchen crew that keeps our customers trust from going stale You ll tackle complex challenges that have real-world impact helping to serve up a safer more secure digital experience for businesses that count on Toast every day It s not just about finding vulnerabilities - it s about crafting a recipe for digital trust that keeps our customers coming back for more About this roll Responsibilities Identify triage and provide remediation guidance for application vulnerabilities Select implement design or build tools to thwart attacks of all shapes and sizes Improve developer tooling and adoption to build a more robust SSDLC Practice a OneTeam attitude to help other Toast teams make informed security-conscious decisions when building new software Support and expand the Security Champions program providing edge security guidance and training Assist incident response teams with application security expertise and tools Think like an attacker to identify weaknesses in application architecture In addition Support Cloud and Network Infrastructure Engineering s implementation of edge security solutions Influence the implementation and rule maintenance of our WAF strategy and other edge security solutions Advise on WAF rules and policies to protect against common and emerging threats Conduct regular assessments of our edge security posture and recommend improvements Provide expertise on Content Delivery Networks CDNs and their security features Do you have the right ingredients Requirements 5 years of experience in application security Strong knowledge of common web application vulnerabilities and edge-based attack vectors Proficiency in analyzing web traffic patterns and identifying anomalies Knowledge of compliance standards relevant to the financial industry e g PCI DSS SOC 2 Excellent problem-solving skills and ability to think creatively about edge security challenges Strong communication skills with the ability to explain complex edge security concepts to both technical and non-technical audiences Strong understanding of cloud application architecture and common weaknesses Special Sauce Nonessential Skills Nice to Haves Experience with Understanding of WAF configuration tuning and optimization Popular WAF solutions e g AWS WAF Cloudflare Akamai ModSecurity Familiarity with CDN technologies and their security features Cloud and container security technologies and SSDLC tooling e g SAST DAST SCA Infrastructure-as-code IaC technologies like Terraform to manage cloud security services Securing financial technologies Relevant security certifications e g CCSP CISSP CSSLP are a plus Diversity Equity and Inclusion is Baked into our Recipe for Success At Toast our employees are our secret ingredient-when they thrive we thrive The restaurant industry is one of the most diverse and we embrace that diversity with authenticity inclusivity respect and humility By embedding these principles into our culture and design we create equitable opportunities for all and raise the bar in delivering exceptional experiences We Thrive Together We embrace a hybrid work model that fosters in-person collaboration while valuing individual needs Our goal is to build a strong culture of connection as we work together to empower the restaurant community To learn more about how we work globally and regionally check out Apply today Toast is committed to creating an accessible and inclusive hiring process As part of this commitment we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process If you need an accommodation to access the job application or interview process please contact For roles in the United States It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment An employer who violates this law shall be subject to criminal penalties and civil liability