Product Security Architect
Toast is looking for a hands-on leader to join our Product Security team as the Product Security Architect, reporting to the CTO. The Product Security team at Toast is focused on ensuring that Toast is the most secure platform for restaurants to entrust with their critical data and business operations. As the leader of this team, you will define and drive the evolution of Toast's product security architecture. You will collaborate with Product Management, Engineering and DevOps to design and execute our strategic and tactical security initiatives. You will work with peers in Corporate IT Security and Compliance to ensure company-wide security and compliance objectives are met.
- As the technical leader of the Product Security team, drive overall product security architecture.
- Mentor the existing team of 2 product security engineers and grow the team to meet the needs of a rapidly scaling company.
- Integrate security into Toast's SDLC. Provide direction and guidance to Dev, QA and DevOps teams on secure application development, testing and deployment strategies. Conduct security design reviews and code reviews of application features and functionality.
- Perform technical security assessments and threat modeling of our web applications, mobile clients, web services, databases, messaging, and other components. Provide remediation solutions when necessary.
- Provide security domain expertise to leaders across the entire Toast organization.
- Work with Toast's Corporate IT Security team and Compliance team to ensure Toast's company-wide security and compliance objectives are met.
- Work with the rest of the Product Security team to manage Toast's day-to-day product security operations, Toast's incident response process, and Toast's bug bounty program.
- Occasionally work with Toast customers and prospects to provide an overview of Toast's security program and answer security-related questions.
Do you have the right ingredients?
- At least 5 years of experience in product security. Broad knowledge of security best practices.
- Demonstrated knowledge and experience with web security and secure development practices.
- Demonstrated knowledge of secrets management, cryptography, and authentication and authorization protocols such as OAuth and SAML.
- Prior experience in implementing and integrating tools for static analysis, dynamic analysis, fuzzing, and penetration testing.
- Expertise in securing applications and services in public cloud models, preferably AWS.
- Experience with common CI/CD and software deployment automation tools.
- Ability to build strong relationships, earning the confidence and trust of senior managers and team members.
- Ability to effectively prioritize and manage multiple projects and responsibilities.
- High level of self-motivation, and comfortable working self-sufficiently in a fast-paced business.
- (Preferred) Demonstrated knowledge of PCI compliance, credit card security and fraud management.
- (Preferred) Demonstrated knowledge of mobile device security, ideally Android-specific device management.