Job Description

At Toast, we are committed to creating innovative solutions that enhance security and leverage the power of artificial intelligence to drive restaurant business growth and help them thrive. We are seeking a highly skilled and versatile engineer who specializes in application security to join our dynamic team.Job Summary:The Senior Application Security Engineer will be responsible for designing, implementing, and maintaining secure applications and collaborate closely with development teams to embed security best practices throughout the software development lifecycle (SDLC). This role requires a deep understanding of security principles, cloud architecture, and AI technologies to ensure our systems are robust, scalable, and secure.Key Responsibilities:Application Security:

• Conduct security assessments and code reviews to identify and mitigate vulnerabilities in web, mobile applications and APIs.
• Identify, analyze, and prioritize security risks and vulnerabilities.
• Implement and manage security protocols and measures to protect applications from threats.
• Develop and maintain security tools and frameworks to support secure software development.
• Develop and execute security testing strategies to validate the effectiveness of security controls.
• Promote and enforce security best practices throughout the SDLC.
• Provide guidance on secure coding principles, secure design patterns, and cryptographic techniques.

General Security Practices:

• Stay current with the latest security threats, vulnerabilities, and technology trends.
• Develop and deliver security training and awareness programs for engineering teams.
• Work closely with cross-functional teams to embed security best practices throughout the development lifecycle.

Required Skills and Qualifications:Education:

• Bachelor's or Master's degree in Computer Science, Engineering, Information Security, or a related field.

Experience:

• Minimum of 5 years of experience in application security domain
• Proven experience with secure software development practices and tools (e.g., SCA, SAST, DAST).
• Proven experience with pentesting of web applications, mobile applications (Android and IOS) and APIs (REST and GraphQL)

Technical Skills:

• Strong programming skills in languages such as Python, Java, Kotlin, C++, or similar.
• Deep understanding of security principles, cryptography, and secure coding practices.
• Familiarity with DevSecOps practices and CI/CD pipelines.
• Knowledge of containerization technologies (e.g., Docker, Kubernetes) and their security implications.
• Experience with AI security testing tools and techniques.

Soft Skills:

• Excellent problem-solving and analytical skills.
• Strong communication and collaboration abilities.
• Ability to work independently and as part of a team in a fast-paced environment.

Preferred Qualifications:

• Relevant security certifications such as CISSP, CEH, or similar.
• Knowledge of frameworks such as OWASP, SANS.
• Knowledge of compliance frameworks such as PCI, ISO, GDPR, or similar.

We are ToastersDiversity, Equity, and Inclusion is Baked into our Recipe for Success.At Toast our employees are our secret ingredient. When they are powered to succeed, Toast succeeds.The restaurant industry is one of the most diverse industries. We embrace and are excited by this diversity, believing that only through authenticity, inclusivity, high standards of respect and trust, and leading with humility will we be able to achieve our goals.Baking inclusive principles into our company and diversity into our design provides equitable opportunities for all and enhances our ability to be first in class in all aspects of our industry.Bready* to make a change? Apply today!Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact .

Toast Inc