Toast creates technology to help restaurants and local businesses succeed in a digital world, helping business owners operate, increase sales, engage customers, and keep employees happy.
SEAR at Toast focuses on two things: actionable intelligence collection, analysis, and delivery to engineers, and hunting the adversaries who would damage and defraud Toast, its customers, and its partners. We bake security into every layer of our products, from the first sprinkle of an idea to the final serving of a fully-baked solution. Our team is tasked with searching out and degrading the operations of persistent, motivated attackers.
Like master chefs, we blend cutting-edge technology with strategic thinking, implementing bespoke and industry-standard solutions for intelligence processing at scale. By joining SEAR, you'll be part of the kitchen crew that keeps our customers' trust from going stale. You'll tackle complex challenges that have real-world impact, helping to serve up a safer, more secure digital experience for businesses that count on Toast every day. It's not just about pattern-matching – it's about crafting a recipe for digital trust that keeps our customers coming back for more.
**A day in the life (Responsibilities) **
- Select, implement, design, and build services and tools to manage and deliver security intelligence across Toast platforms.
- Identify, triage, and provide remediation guidance for application vulnerabilities, with a specific focus on anti-abuse activities.
- Improve developer tooling and adoption to build a more robust SSDLC which integrates security and anti-abuse features.
- Practice a #OneTeam attitude to help other Toast teams make informed, security-conscious decisions when building new public-facing software.
- Assist incident response teams with application security expertise and tools, especially related to abuse and fraud.
- Build threat models on Toast applications and use cases.
- Guide in the design and maintenance of robust and resilient network and application architecture.
- Collaborate to improve information gathering and sharing across all Toast products.
What you'll need to thrive (Requirements)
- Minimum 5+ years of experience in security engineering.
- Experience building and maintaining scaled Java web services in production.
- Experience developing script applications in Python for scheduling and backend data handling.
- Experience leveraging LLM AI features for software development and/or security operations.
- Strong understanding of cloud application architecture.
- Successful history of being a subject matter expert to guide colleagues toward better security outcomes, especially related to abuse, fraud and legal concerns.
- Previous security experience working with fintech applications and associated requirements.
- Strong understanding of privacy, security, and cryptography patterns and when to apply them, especially when handling customer information (such as PKIs, access management, data tokenization, and anonymization).
Special Sauce (Nice to Haves)*
- Offensive security training and certifications (e.g. OSCP, OSWE, OSEP)
- Edge Security solution like WAF, API Security
- Adversary Emulation proficiency (red/purple teaming)
- Cloud and container security technologies
- SSDLC tooling (e.g., SAST/DAST/SCA)
- Scaled data handling in RDBMS, streaming, and columnar stores
- Metrics and charting software proficiency
- Mobile apps/threats (iOS, Android), and their particular abuse vectors
- Knowledge in security of operating systems, networking and protocols
- Securing financial technologies and associated requirements
AI at Toast
At Toast, one of our company values is that we're hungry to build and learn. We believe learning new AI tools empowers us to build for our customers faster, more independently, and with higher quality. We provide these tools across all disciplines, from Engineering and Product to Sales and Support, and are inspired by how our Toasters are already driving real value with them. The people who thrive here are those who embrace changes that let us build more for our customers; it’s a core part of our culture.
**Our Total Rewards Philosophy **We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.
How Toast Uses AI in its Hiring Process
Throughout the hiring process, our goal is to get to know you. We use AI tools to support our recruiters and interviewers with tasks like note-taking, summarization, and documentation of interviews to ensure they can be fully focused on your conversation. All hiring decisions are made by people. To learn more: https://careers.toasttab.com/ai-in-hiring
Diversity, Equity, and Inclusion is Baked into our Recipe for Success
At Toast, our employees are our secret ingredient—when they thrive, we thrive. The restaurant industry is one of the most diverse, and we embrace that diversity with authenticity, inclusivity, respect, and humility. By embedding these principles into our culture and design, we create equitable opportunities for all and raise the bar in delivering exceptional experiences.
We Thrive Together
We embrace a hybrid work model that fosters in-person collaboration while valuing individual needs. Our goal is to build a strong culture of connection as we work together to empower the restaurant community. To learn more about how we work globally and regionally, check out: https://careers.toasttab.com/locations-toast.
Apply today!
Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact candidateaccommodations@toasttab.com.
------
For roles in the United States, it is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.