SOC Analyst

at  Toast

Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love.Toast is looking for a senior engineer to join our security team. You’ll work in tandem with our engineering teams to think about and act on security challenges throughout all phases of software development, as well as help design and build new features to enhance the security of the Toast platform. You will have a major impact on the overall direction of security at Toast as the team works to design and implement new approaches to application security. We love security innovators who stay informed about emerging threats and are always thinking about new and interesting solutions to match them.

DO YOU HAVE THE RIGHT INGREDIENTS*? (REQUIREMENTS)

This is not an exhaustive list of skills and we encourage all applicants if you feel this is the role for you

• Experience with programming or scripting languages
• Experience leveraging programming languages to solve problems and automate solutions
• Understanding of Amazon Web Services(AWS) cloud application architecture and best security practices
• Familiarity with penetration testing tools
• Understanding of Red team/Blue team activities
• Experience with threat modelling/incident response and tabletop exercises
• Experience with Splunk as a centralized logging service and SIEM

SPECIAL SAUCE* (NONESSENTIAL SKILLS/NICE TO HAVES)

• Familiarity with mobile application threats (iOS, Android).
• Familiarity with containerization and orchestration technologies (Docker highly preferred)
• Experience leading threat-hunting efforts. Bonus points if you can apply this to AWS
• Familiarity with Network Device monitoring.
• Familiarity with Mitre Attack Framework

ABOUT THIS ROLL* (RESPONSIBILITIES)

• Part security response efforts raised from the remainder of the company, escalating as necessary
• Creating tools and processes to monitor, detect, and mitigate risks discovered
• Work with fellow security team members to influence the company to help architect positive security changes
• Identify anomalies generated by monitoring solutions within the environment
• Create signatures and tools to analyze and detect malicious activity within AWS and corporate environments
• Leverage EDR solution to respond to suspicious/malicious activity and continuously baseline solution
• Contribute to threat hunting efforts
• Leverage programming languages to solve problems and automate solutions to security findings
• Foster a security mindset with our development teams by working with security champions

This is not an exhaustive list of skills and we encourage all applicants if you feel this is the role for you

• Experience with programming or scripting languages
• Experience leveraging programming languages to solve problems and automate solutions
• Understanding of Amazon Web Services(AWS) cloud application architecture and best security practices
• Familiarity with penetration testing tools
• Understanding of Red team/Blue team activities
• Experience with threat modelling/incident response and tabletop exercises
• Experience with Splunk as a centralized logging service and SIE