Staff Security Engineer (Product Security & IAM)
Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love.
Product Security at Toast isn't just about running tools and reporting vulnerabilities – we're the vigilant chefs ensuring the Toast never gets burned. We bake security into every layer of our products, from the first sprinkle of an idea to the final serving of a fully-baked solution. Our team is the secret ingredient that makes Toast's digital recipe both delicious and secure. We collaborate closely with R&D, seasoning the development process with robust security measures that protect the services and applications our customers rely on to run their businesses.
Like master chefs, we blend cutting-edge technology with strategic thinking, kneading security into the dough of every product we create. By joining our Product Security team, you'll be part of the kitchen crew that keeps our customers' trust from going stale. You'll tackle complex challenges that have real-world impact, helping to serve up a safer, more secure digital experience for businesses that count on Toast every day. It's not just about finding vulnerabilities – it's about crafting a recipe for digital trust that keeps our customers coming back for more.
About this roll (Responsibilities)
- Identify, triage, and provide remediation guidance for application vulnerabilities, with a specific focus on IAM-related issues.
- Select, implement, design, or build tools to manage and secure identity and access across Toast platforms.
- Improve developer tooling and adoption to build a more robust SSDLC with respect to IAM best practices.
- Practice a #OneTeam attitude to help other Toast teams make informed, security-conscious decisions when building new software with IAM considerations.
- Support and expand the Security Champions program, providing IAM-specific training and guidance.
- Assist incident response teams with application security expertise and tools, especially related to IAM incidents.
- Build threat models on IAM applications and architecture.
- Guide in the design and maintenance of secure authentication and authorization mechanisms.
- Provide signals for IAM events to the SOC for better alerting and response.
Do you have the right ingredients? (Requirements)
- Minimum 7+ years of experience in application security
- Experience reading, reviewing, and providing security guidance for complex code in a variety of languages and frameworks (Java/Kotlin, Javascript/ES6, React, and Python are a priority), with a strong emphasis on IAM implementations.
- Strong understanding of cloud application architecture and common IAM weaknesses (e.g., insecure authentication, authorization flaws, privilege escalation).
- Experience identifying and helping to resolve common application security flaws (e.g., OWASP, SANS) related to IAM.
- Successful history of being a subject matter expert to guide products and lines of business to better security outcomes related to IAM.
- Previous security experience working with fintech applications and associated IAM requirements.
- Strong understanding of privacy, security, and cryptography patterns and when to apply them, especially within IAM (such as PKIs, access management, data tokenization, and anonymization).
- Deep understanding of IAM concepts (e.g., OAuth, OIDC, SAML).
Special Sauce (Nonessential Skills/Nice to Haves)*
- Cloud and container security technologies.
- SSDLC tooling (e.g., SAST/DAST/SCA), particularly those focused on IAM.
- AWS IAM.
- Infrastructure-as-code (IaC) technologies like Terraform to manage cloud security services.
- Mobile apps/threats (iOS, Android), and their related IAM challenges.
- Securing financial technologies and associated IAM requirements.
- Directory services (e.g., LDAP, Active Directory).
**This is a hybrid role, requiring two days in the office per week**
Our Spread* of Total Rewards
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.
*Bread puns encouraged but not required
Diversity, Equity, and Inclusion is Baked into our Recipe for Success
At Toast, our employees are our secret ingredient—when they thrive, we thrive. The restaurant industry is one of the most diverse, and we embrace that diversity with authenticity, inclusivity, respect, and humility. By embedding these principles into our culture and design, we create equitable opportunities for all and raise the bar in delivering exceptional experiences.
We Thrive Together
We embrace a hybrid work model that fosters in-person collaboration while valuing individual needs. Our goal is to build a strong culture of connection as we work together to empower the restaurant community. To learn more about how we work globally and regionally, check out: https://careers.toasttab.com/locations-toast.
Apply today!
Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact candidateaccommodations@toasttab.com.
Average salary estimate
If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.
Join Toast as a Staff Security Engineer (Product Security & IAM) in the vibrant city of Dublin, Ireland! At Toast, we believe in building a restaurant platform that empowers our partners to thrive, and we take product security seriously. Our Product Security team is not just about identifying vulnerabilities; we’re all about integrating security seamlessly throughout the product lifecycle. Here, you'll collaborate with our R&D teams to bake security into every application we develop, ensuring our clients can focus on running their restaurants without worrying about their digital safety. You'll tackle complex challenges—after all, safeguarding our customers' trust is paramount. With responsibilities ranging from identifying and remediating IAM-related vulnerabilities to enhancing our developer tooling for a secure software development lifecycle, your expertise will be invaluable. You’ll also enrich the Security Champions program and assist various teams with your IAM knowledge. Plus, you’ll have the opportunity to create effective authentication mechanisms while working closely with incident response teams. If you have a rich background in application security, especially surrounding IAM solutions, this role could be the perfect blend of your skills and career aspirations. Step into a place where every team member contributes to the recipe for digital trust. Join us and be a part of something truly special at Toast!
Join Caseware as a Director of IT & Enterprise Systems to lead technology strategy and manage enterprise systems for a growing global SaaS organization.
Join TTEC Digital as a Senior AWS Presales Solution Architect to drive customer experience enhancements with AWS technologies.
Join HealthEquity as a Site Reliability Engineer II and contribute to empowering healthcare consumers through automation and system reliability.
We are looking for a talented Network Administrator to maintain and enhance our critical networking infrastructure for the Special Operations Command.
Restaurant
381 jobs
Subscribe to Rise newsletter
🔮
Hi, I'm Risa! Your AI Career Copilot
you, just ask me below!
Sign up for our weekly
newsletter of fresh jobs
