If you want to change the way the world works, transform the automotive industry and positively impact others on a global scale, then Toyota Connected is the right place for you! Within our collaborative, fast-paced environment we focus on continual improvement and work in a highly iterative way to deliver exceptional value in the form of connected products and services that wow and delight our customers and the world around us. Come help us reimagine what mobility can be today and for years to come!
About the Team:
Toyota Connected is expanding our Security Team. You will be part of a highly talented Security team pioneering Information Security in one of today's most innovative and highly visible industries. Here at Toyota Connected, Information Security is immersed in all the technology and engineering groups versus standing off to the side. While this team will be chartered towards Information Security, we also focus heavily in the DevSecOps space, and work across all aspects of application development, including cloud, CI/CD, and containers. Protecting the privacy and data of millions of Toyota and Lexus drivers is a top priority.
Toyota Connected is looking for a Senior Application Security Engineer who has very granular and deep experience in testing and screening software for security vulnerabilities. This position will report to the Deputy Chief Information Security Officer (CISO), and will interact with product development, cloud engineering and DevOps teams to integrate static and dynamic testing tools, define and enforce policies, and facilitate ongoing steering committee working sessions. Additionally, this role will own threat modeling and application risk assessments across product teams.
- Conduct application risk assessments and facilitate threat modeling for cloud solutions
- Manage and configure static code analysis tool, including policy enforcement, automated CI/CD integration, and Open Source Software (OSS) security
- Experience with both open source and proprietary static analysis tools
- Manage and configure Container security tools, e.g. Twistlock/AquaSec, including policy enforcement and alerting
- Assist with routine API and Web Application penetration testing
- Define and rollout detailed secure coding standards and policies
- Manage and facilitate secure coding training and awareness
- Continuously improve and adapt application security program given Toyota Connected's extremely fast velocity of change to meet industry demands
- Work with Toyota's existing global cloud security organization to ensure knowledge sharing and collaboration
- You are smart and can demonstrate it
- 5 to 10 years of experience in Cybersecurity and/or Application Security
- Must have strong hands-on experience with proprietary and open source Application Security vulnerability scanning tools
- Must have strong hands-on experience with Docker
- Must have hands-on experience with APIs and Web Services, both API development and API usage
- Knowledge of key best practices, compliance standards or frameworks such as OWASP Top 10
- Extensive experience with network security devices such as web application firewalls, API Gateways, and DDoS mitigation solutions
- Must have hands-on UNIX and shell scripting experience
- Must have Azure and/or AWS expertise
- Hands-on experience (i.e. scripting) with Circle CI, Jenkins and/or GitLab is a plus
- Experience with Kubernetes is a plus
- We think the knowledge acquired earning a degree Computer Science would be of great value in this position, but if you're smart and have the experience that backs up your abilities, for us, talent trumps degree every time
What’s in it for you?
- Money. Money. Money. Mooonaaay! Great pay and bonuses.
- Unlimited time off. Seriously! You won’t run out of sick or vacation time here. You'll be treated like the professional we know you are and left to manage your own time and work load.
- Four months of parental leave. We want new moms and dads to have an opportunity to lose as much sleep at home as possible taking care of those new additions.
- 401k with generous company match that is fully vested within the first month. This is the perfect plan to get you into that retirement beach house in the Bahamas.
- Yearly gym membership reimbursement. We have a Toyota Connected fit club that loves plank competitions!
- Fun game room for the gamer that lives inside you! Xbox, virtual reality, and Nintendo Switch gamers live here and are always ready for their next opponent.
- Free catered lunches. EVERY. DAY. Awesome healthy lunches catered in from different local restaurants. Fridays are “cheat” days, so you can get your carbs on!
- Two fully stocked Nespresso bars for your coffee and tea fixes.
- Two kitchens stocked full of healthy snacks including fresh fruit, almonds, mixed nuts, pretzels, trail mix, and flavored waters. Nobody is hangry here!
- Waffle Wednesdays! Fresh waffles on Wednesday afternoons to get you through Hump Day!
- Bi-weekly company happy hours so you can hang with your Toyota Connected friends while different teams share the cool technologies we are using, the awesome products we are building, and celebrate accomplishments we’ve made.
- Free covered garage parking to shield your vehicle from those sneaky storms and to protect your buns from the Texas sun
- Toyota and Lexus vehicle discounts. Buy a new Toyota or Lexus and still have a fat wallet!
- No dress code! Come as you are!
Who Are We?
Toyota Connected is a new company created to infuse the power of big data and cloud intelligence into all aspects of the mobility experience so that driving a Toyota or Lexus is more personal, intuitive and safe. We create and enable technologies that delight, simplify and connect the lives of those who use our products. We believe this mobility revolution will empower our customers to use their vehicles in an array of exciting new ways. We support, celebrate and thrive on the opportunity to provide Mobility for All.
Making a connected life a more human experience takes humans from all walks of life. Toyota Connected celebrates and is committed to a diverse and inclusive workplace that embraces you regardless of your gender, religion, sexual orientation, skin color, age, disability, military or veteran status, big shot relative, or Instagram fame. Different makes us awesome.