Product Security Engineer II

We are seeking a highly skilled and experienced Application Security Engineer to join our dynamic team. In this role, you will be responsible for safeguarding our applications and systems from cyber threats. You will collaborate closely with development teams to embed security best practices throughout the software development lifecycle (SDLC).

A Day in Life (Responsibilities)

Security Assessments:

• Assist in conducting security assessments, including penetration testing, vulnerability scanning, and code reviews.
• Help identify, analyze, and prioritize security risks and vulnerabilities.
• Support the development and execution of security testing strategies to ensure security controls are effective.

Threat Modeling:

• Work with development teams to participate in threat modeling exercises.
• Aid in identifying potential threats and vulnerabilities and suggest appropriate mitigation strategies.

Secure Development Lifecycle (SDLC):

• Advocate for and help implement security best practices throughout the SDLC.
• Offer guidance on secure coding principles and secure design patterns.

Security Awareness and Training:

• Contribute to security awareness training for development teams and other stakeholders.
• Help foster a security-conscious culture within the organization.

Stay Updated:

• Keep up-to-date with the latest security threats, vulnerabilities, and industry best practices. 

What Success Looks Like in this Role:

• A solid understanding of secure coding practices.
• Understanding of common web vulnerabilities and how to mitigate them.
• Familiarity with common security frameworks and standards.
• A foundational understanding of application architecture.
• Growing proficiency with security tools and technologies.

Work Mode: This role follows a hybrid work model, requiring a minimum of 2 days per week in the office.

We are excited about you if you have these things:

• Education: Bachelor’s or Master’s degree in Computer Science, Engineering, Information Security, or a related field.
• 2-4 years of experience in the application security domain.
• Hands-on experience in penetration testing for Web, Mobile (Android & iOS), and APIs.
• Experience performing scans using tools such as Burp Suite, Synk, or similar.
• Basic scripting or programming skills in languages like Python or Ruby.
• Familiarity with multiple programming languages to help identify vulnerabilities in source code.

Diversity, Equity, and Inclusion is Baked into our Recipe for Success

At Toast, our employees are our secret ingredient—when they thrive, we thrive. The restaurant industry is one of the most diverse, and we embrace that diversity with authenticity, inclusivity, respect, and humility. By embedding these principles into our culture and design, we create equitable opportunities for all and raise the bar in delivering exceptional experiences.

We Thrive Together

We embrace a hybrid work model that fosters in-person collaboration while valuing individual needs. Our goal is to build a strong culture of connection as we work together to empower the restaurant community. To learn more about how we work globally and regionally, check out: https://careers.toasttab.com/locations-toast.

Apply today!

Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact candidateaccommodations@toasttab.com.

------

For roles in the United States, It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.