Senior Application Security Engineer


Job Description / Skills Required

Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love.

Now, more than ever, the Toast team is committed to our customers. We’re taking steps to help restaurants navigate these unprecedented times with technology, resources, and community. Our focus is on building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love. And because our technology is purpose-built for restaurants, by restaurant people, restaurants can trust that we’ll deliver on their needs for today while investing in experiences that will power their restaurant of the future. 

About this roll* (Responsibilities) 

  • Identify, triage, and provide remediation guidance for application vulnerabilities
  • Select, implement, design, or build tools to thwart attacks of all shapes and sizes
  • Improve developer tooling and adoption to build a more robust SSDLC
  • Practice a #OneTeam attitude to help other Toast teams make informed, security-conscious decisions when building new software
  • Support and expand the Security Champions program
  • Assist incident response teams with application security expertise and tools
  • Think like an attacker to identify weaknesses in application architecture


Do you have the right ingredients*? (Requirements)

  • Experience reading, reviewing, and providing security guidance for complex code in a variety of languages and frameworks (Java, Kotlin, Javascript/ES6, React, and Python are a priority)
  • Strong understanding of cloud application architecture and common weaknesses
  • Experience identifying and helping to resolve common application security flaws (e.g. OWASP, SANS)
  • Successful history of being a subject matter expert to guide products and lines of business to better security outcomes 
  • Previous experience securing end user facing applications, both web and mobile 
  • Strong understanding of privacy, security, and cryptography patterns and when to apply them (such as PKIs, access management, data tokenization, and anonymization)
  • Experience with AWS
  • Experience with MySQL / PostgreSQL 

Special Sauce* (Nonessential Skills/Nice to Haves)

  • Experience with web application firewalls, cloud and container security technologies, and/or SSDLC tooling (e.g. SAST/DAST/SCA) 
  • Experience with mobile apps/threats (iOS, Android) 
  • Experience with securing financial technologies

Our Spread of Total Rewards

  • Unlimited Vacation
  • Sabbatical opportunity after five years
  • Professional Development Reimbursement Program
  • Commitment to Employee Wellness through resources such as a quarterly Wellness Stipend
  • Various peer and company recognition programs 
  • 401(k) and matching
  • Medical, Dental, & Vision Coverage
  • Mental Health Benefits
  • Subsidized backup childcare

*Bread puns encouraged but not required


We are Toasters

Diversity, Equity, and Inclusion is Baked into our Recipe for Success.

At Toast our employees are our secret ingredient. When they are powered to succeed, Toast succeeds.

The restaurant industry is one of the most diverse industries. We embrace and are excited by this diversity, believing that only through authenticity, inclusivity, high standards of respect and trust, and leading with humility will we be able to achieve our goals.

Baking inclusive principles into our company and diversity into our design provides equitable opportunities for all and enhances our ability to be first in class in all aspects of our industry.

Bready* to make a change? Apply today!

Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact [email protected].

For roles based in the United States:  As part of our commitment to the health and safety of our employees and their families, all individuals entering our US workspaces are required to provide proof of full vaccination against COVID-19 unless they have an approved medical or religious accommodation.