Software Engineer II

About Toast

Toast is building the all-in-one restaurant platform that helps restaurants operate their business, increase sales, engage guests, and keep employees happy. Toast connects employees, operations, and guests on a reliable, easy-to-use platform so restaurateurs can stay one step ahead of a rapidly evolving hospitality market.

About the Team

The Identity and Access Management (IAM) organization is responsible for establishing and maintaining trust across Toast's entire ecosystem, ensuring that the right users have the right access to the right resources at the right time. IAM serves as the foundation for security across all Toast products, protecting millions of restaurant users and their sensitive data.

The Identity team serves as Toast's first line of defense against account takeovers and fraud, managing authentication, session management, and identity verification systems across all platforms. We implement and maintain secure authentication mechanisms including SSO, MFA, passwordless, and device authentication while ensuring seamless user experiences across web, mobile, and POS environments. As the primary interface between security and fraud prevention, the team develops real-time threat detection capabilities, session monitoring systems, and identity verification workflows that protect both Toast and its customers from unauthorized access. We also manage integrations with external authentication providers and oversee Toast's evolution into a trusted identity provider for the restaurant industry.

About this roll* (Responsibilities)

You'll be a key contributor on the Identity team as we scale our authentication and session management platform to meet the security needs of thousands of restaurants and millions of users. You'll work collaboratively across engineering teams to build the foundation of trust and security across Toast's entire ecosystem.

• Build and enhance Toast's authentication infrastructure, including SSO, MFA, passwordless authentication, and device authentication flows
• Develop session management systems that maintain secure, reliable user sessions across web, mobile, and POS platforms
• Implement real-time threat detection and identity verification workflows to prevent account takeovers and fraud
• Work with external authentication providers to integrate cutting-edge security features while maintaining seamless user experiences
• Collaborate on building Toast's identity provider capabilities, enabling Toast to become a trusted authentication source for the restaurant industry
• Design and implement secure token validation, refresh token management, and session lifecycle management
• Learn & gain experience at every stage – solution design, estimation, coding, code review, testing, debugging, integrating, documenting, and maintaining
• Follow best practices – quality integration, continuous delivery, automated testing, security reviews, end-to-end testing, and performance testing
• Ensure that all work is delivered with quality and is monitored and supported in production

Do you have the right ingredients? (Requirements)

• 2+ years of experience as a software engineer.
• Knowledge of Kotlin, Java, or another object-oriented language
• Hands-on experience with Cloud technologies, e.g., AWS DynamoDB and ECS
• Experience with identity and access management (IAM) systems or security-focused engineering
• Understanding of authentication and authorization concepts (OAuth, OIDC, JWT, session management)
• Familiarity with security best practices and building systems that protect user data
• Desire to make a real-world customer impact

Special Sauce (Nice to Haves)

• Interest in testing and quality best practices
• Solid understanding of multi-factor authentication (MFA), passwordless authentication, or biometric authentication"
• Understanding of threat detection, fraud prevention, or session management systems
• Eagerness to learn about new technologies and new ways of working
• Aptitude for tackling complex and ambiguous problems with guidance from other engineers
• Interest in cryptography, token validation, and secure session handling
• Prior experience in security-critical systems

What we use to make our dish (Our Tech Stack)

• A core of Java & Kotlin based backend services
• PostgreSQL and DynamoDB as core persistence
• Apache Pulsar for message-based integrations
• Apache Camel for message routing, transformation, etc.
• Dropwizard framework for building RESTful services
• OpenAPI/Swagger for schema-first API development
• AWS services including ECS, CloudWatch, and more
• And many more technologies that help us build a top-class platform

Why Join the Identity Team?

• Mission-Critical Impact: Your work directly protects millions of restaurant users and prevents fraud across Toast's ecosystem
• Cutting-Edge Security: Work with modern authentication technologies, identity verification systems, and real-time threat detection
• Complex Problems: Tackle challenging problems in distributed systems, security, and user experience at scale
• Learning & Growth: Gain deep expertise in authentication, authorization, session management, and security best practices
• Collaborative Environment: Work with talented engineers across multiple teams to deliver secure, reliable solutions

Industry Leadership: Help build Toast into a trusted identity provider for the restaurant industry