Principal Application Security Engineer

Boston, MA, United States


Principal Application Security Engineer

  • R6928
  • Remote
  • Remote, United States
  • Engineering

Now, more than ever, the Toast team is committed to our customers. We’re taking steps to help restaurants navigate these unprecedented times with technology, resources, and community. Our focus is on building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love. And because our technology is purpose-built for restaurants, by restaurant people, restaurants can trust that we’ll deliver on their needs for today while investing in experiences that will power their restaurant of the future.

About this roll* (Responsibilities) 

  • Identify, triage, and provide remediation guidance for application vulnerabilities
  • Select, implement, design, or build tools to thwart attacks of all shapes and sizes
  • Improve developer tooling and adoption to build a more robust SSDLC
  • Practice a #OneTeam attitude to help other Toast teams make informed, security-conscious decisions when building new software
  • Support and expand the Security Champions program
  • Assist incident response teams with application security expertise and tools
  • Think like an attacker to identify weaknesses in application architecture

Do you have the right ingredients*? (Requirements)

  • Experience reading, reviewing, and providing security guidance for complex code in a variety of languages and frameworks (Java, Kotlin, Javascript/ES6, React, and Python are a priority)
  • Strong understanding of cloud application architecture and common weaknesses
  • Experience identifying and helping to resolve common application security flaws (e.g. OWASP, SANS)
  • Previous experience with providing security of highly performant multi-tier applications and microservices  
  • Successful history of being a subject matter expert to guide products and lines of business to better security outcomes 
  • Strong understanding of privacy, security, and cryptography patterns and when to apply them (such as PKIs, access management, data tokenization, and anonymization)
  • Experience with AWS
  • Experience with MySQL / PostgreSQL

Our Spread of Total Rewards

  • Unlimited Vacation
  • Sabbatical opportunity after five years
  • Professional Development Reimbursement Program
  • Commitment to Employee Wellness through resources such as a quarterly Wellness Stipend
  • Various peer and company recognition programs 
  • 401(k) and matching
  • Medical, Dental, & Vision Coverage
  • Mental Health Benefits
  • Subsidized backup childcare

Special Sauce* (Nonessential Skills/Nice to Haves)

  • Experience with web application firewalls, cloud and container security technologies, and/or SSDLC tooling (e.g. SAST/DAST/SCA) 
  • Experience with mobile apps/threats (iOS, Android) 
  • Experience with securing financial technologies

*Bread puns encouraged but not required


We are Toasters

Diversity, Equity, and Inclusion is Baked into our Recipe for Success.

At Toast our employees are our secret ingredient. When they are powered to succeed, Toast succeeds.

The restaurant industry is one of the most diverse industries. We embrace and are excited by this diversity, believing that only through authenticity, inclusivity, high standards of respect and trust, and leading with humility will we be able to achieve our goals.

Baking inclusive principles into our company and diversity into our design provides equitable opportunities for all and enhances our ability to be first in class in all aspects of our industry.

Bready* to make a change? Apply today!

Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact candidateaccommodations@toasttab.com.

Bready* for a change?

Apply now

Apply now

Sign in with LinkedIn
Autofill my information with LinkedIn

Not You?

Thank you

Notice on fraudulent jobs

We have been made aware of instances of fraudulent job postings and/or fraudulent recruiting activity by bad actors, purporting to represent Toast.  These fraudulent schemes often seek monetary contributions or payments from job seekers (such as for "start up costs" or "equipment"), or seek to collect sensitive personal or banking information from job seekers.  These job postings and offers are not authorized by Toast, and Toast is not responsible for fraudulent offers or requests for personal information or payments.  Toast will never ask for any financial commitment or contribution from a candidate at any stage of the recruitment process.  Candidates who have questions about the validity of Toast job postings or offers should consult the job postings on our careers.toasttab.com career site.

Check out other rolls*