Staff Security Engineer (Product Security & IAM)

2 Months ago • 7 Years + • Product Management

Job Summary

Job Description

Toast is seeking a Staff Security Engineer specializing in Product Security and IAM. This role involves baking security into all layers of their products, collaborating with R&D to integrate robust security measures, and using cutting-edge technology with strategic thinking. The engineer will focus on identifying and remediating application vulnerabilities, particularly IAM-related issues, and implementing tools to manage identity and access across platforms. Responsibilities include improving developer tooling for a secure Software Development Lifecycle (SSDLC) with respect to IAM best practices, supporting the Security Champions program with IAM training, assisting incident response teams, building threat models, and guiding the design of secure authentication and authorization mechanisms.
Must have:
  • Identify, triage, and guide remediation of application vulnerabilities, focusing on IAM.
  • Implement or build tools to manage and secure identity and access.
  • Improve developer tooling and adoption for IAM SSDLC.
  • Provide IAM-specific training and guidance to other teams.
  • Assist incident response with application security expertise, especially for IAM incidents.
  • Build threat models on IAM applications and architecture.
  • Guide design and maintenance of secure authentication and authorization.
  • Provide IAM event signals for SOC alerting.
  • Minimum 7+ years of experience in application security.
  • Experience with code review and security guidance in Java/Kotlin, JavaScript/ES6, React, Python, with emphasis on IAM.
  • Strong understanding of cloud application architecture and common IAM weaknesses.
  • Experience identifying and resolving common application security flaws related to IAM (OWASP, SANS).
  • Subject matter expertise to guide products on IAM security outcomes.
  • Strong understanding of privacy, security, and cryptography patterns, especially within IAM.
  • Deep understanding of IAM concepts like OAuth, OIDC, SAML.
Good to have:
  • Cloud and container security technologies.
  • SSDLC tooling (SAST/DAST/SCA) focused on IAM.
  • AWS IAM.
  • Infrastructure-as-code (IaC) like Terraform for cloud security.
  • Mobile apps/threats (iOS, Android) and their IAM challenges.
  • Securing financial technologies and associated IAM requirements.
  • Directory services (LDAP, Active Directory).

Job Details

Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love.

Product Security at Toast isn't just about running tools and reporting vulnerabilities – we're the vigilant chefs ensuring the Toast never gets burned. We bake security into every layer of our products, from the first sprinkle of an idea to the final serving of a fully-baked solution. Our team is the secret ingredient that makes Toast's digital recipe both delicious and secure. We collaborate closely with R&D, seasoning the development process with robust security measures that protect the services and applications our customers rely on to run their businesses. 

Like master chefs, we blend cutting-edge technology with strategic thinking, kneading security into the dough of every product we create. By joining our Product Security team, you'll be part of the kitchen crew that keeps our customers' trust from going stale. You'll tackle complex challenges that have real-world impact, helping to serve up a safer, more secure digital experience for businesses that count on Toast every day. It's not just about finding vulnerabilities – it's about crafting a recipe for digital trust that keeps our customers coming back for more.

About this roll (Responsibilities)

  • Identify, triage, and provide remediation guidance for application vulnerabilities, with a specific focus on IAM-related issues.
  • Select, implement, design, or build tools to manage and secure identity and access across Toast platforms.
  • Improve developer tooling and adoption to build a more robust SSDLC with respect to IAM best practices.
  • Practice a #OneTeam attitude to help other Toast teams make informed, security-conscious decisions when building new software with IAM considerations.
  • Support and expand the Security Champions program, providing IAM-specific training and guidance.
  • Assist incident response teams with application security expertise and tools, especially related to IAM incidents.
  • Build threat models on IAM applications and architecture.
  • Guide in the design and maintenance of secure authentication and authorization mechanisms.
  • Provide signals for IAM events to the SOC for better alerting and response.

Do you have the right ingredients? (Requirements)

  • Minimum 7+ years of experience in application security
  • Experience reading, reviewing, and providing security guidance for complex code in a variety of languages and frameworks (Java/Kotlin, JavaScript/ES6, React, and Python are a priority), with a strong emphasis on IAM implementations.
  • Strong understanding of cloud application architecture and common IAM weaknesses (e.g., insecure authentication, authorization flaws, privilege escalation).
  • Experience identifying and helping to resolve common application security flaws (e.g., OWASP, SANS) related to IAM.
  • Successful history of being a subject matter expert to guide products and lines of business to better security outcomes related to IAM.
  • Previous security experience working with fintech applications and associated IAM requirements.
  • Strong understanding of privacy, security, and cryptography patterns and when to apply them, especially within IAM (such as PKIs, access management, data tokenization, and anonymization).
  • Deep understanding of IAM concepts (e.g., OAuth, OIDC, SAML).

Special Sauce (Nonessential Skills/Nice to Haves)*

  • Cloud and container security technologies.
  • SSDLC tooling (e.g., SAST/DAST/SCA), particularly those focused on IAM.
  • AWS IAM.
  • Infrastructure-as-code (IaC) technologies like Terraform to manage cloud security services.
  • Mobile apps/threats (iOS, Android), and their related IAM challenges.
  • Securing financial technologies and associated IAM requirements.
  • Directory services (e.g., LDAP, Active Directory).

**This is a hybrid role, requiring two days in the office per week**

Our Spread* of Total Rewards
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.

*Bread puns encouraged but not required

Diversity, Equity, and Inclusion is Baked into our Recipe for Success

At Toast, our employees are our secret ingredient—when they thrive, we thrive. The restaurant industry is one of the most diverse, and we embrace that diversity with authenticity, inclusivity, respect, and humility. By embedding these principles into our culture and design, we create equitable opportunities for all and raise the bar in delivering exceptional experiences.

We Thrive Together

We embrace a hybrid work model that fosters in-person collaboration while valuing individual needs. Our goal is to build a strong culture of connection as we work together to empower the restaurant community. To learn more about how we work globally and regionally, check out: https://careers.toasttab.com/locations-toast.

Apply today!

Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact candidateaccommodations@toasttab.com.

------

For roles in the United States, it is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
