Senior Product Security Engineer

At Toast, we are committed to creating innovative solutions that enhance security and leverage the power of artificial intelligence to drive restaurant business growth and help them thrive. We are seeking a highly skilled and versatile engineer who specializes in application security to join our dynamic team.

Job Summary:

The Senior Application Security Engineer will be responsible for designing, implementing, and maintaining secure applications and collaborate closely with development teams to embed security best practices throughout the software development lifecycle (SDLC). This role requires a deep understanding of security principles, cloud architecture, and AI technologies to ensure our systems are robust, scalable, and secure.

Key Responsibilities:

Application Security:

• Conduct security assessments and code reviews to identify and mitigate vulnerabilities in web, mobile applications and APIs.
• Identify, analyze, and prioritize security risks and vulnerabilities.
• Implement and manage security protocols and measures to protect applications from threats.
• Develop and maintain security tools and frameworks to support secure software development.
• Develop and execute security testing strategies to validate the effectiveness of security controls.
• Promote and enforce security best practices throughout the SDLC.
• Provide guidance on secure coding principles, secure design patterns, and cryptographic techniques.

General Security Practices:

• Stay current with the latest security threats, vulnerabilities, and technology trends.
• Develop and deliver security training and awareness programs for engineering teams.
• Work closely with cross-functional teams to embed security best practices throughout the development lifecycle.

Required Skills and Qualifications:

Education:

• Bachelor s or Master s degree in Computer Science, Engineering, Information Security, or a related field.

Experience:

• Minimum of 5 years of experience in application security domain
• Proven experience with secure software development practices and tools (e.g., SCA, SAST, DAST).
• Proven experience with pentesting of web applications, mobile applications (Android and IOS) and APIs (REST and GraphQL)

Technical Skills:

• Strong programming skills in languages such as Python, Java, Kotlin, C++, or similar.
• Deep understanding of security principles, cryptography, and secure coding practices.
• Familiarity with DevSecOps practices and CI/CD pipelines.
• Knowledge of containerization technologies (e.g., Docker, Kubernetes) and their security implications.
• Experience with AI security testing tools and techniques.

Soft Skills:

• Excellent problem-solving and analytical skills.
• Strong communication and collaboration abilities.
• Ability to work independently and as part of a team in a fast-paced environment.

Preferred Qualifications:

• Relevant security certifications such as CISSP, CEH, or similar.
• Knowledge of frameworks such as OWASP, SANS.
• Knowledge of compliance frameworks such as PCI, ISO, GDPR, or similar.