Toyota Connected is looking for a Senior Application Security Engineer who has very granular and deep experience in testing and screening software for security vulnerabilities. This position will report to the Deputy Chief Information Security Officer (CISO), and will interact with product development, cloud engineering and DevOps teams to integrate static and dynamic testing tools, define and enforce policies, and facilitate ongoing steering committee working sessions. Additionally, this role will own threat modeling and application risk assessments across product teams.
You will be a part of a highly talented Information Security team pioneering Information Security in one of today's most innovative and highly visible industries. Here at Toyota Connected, Information Security is immersed in all the technology and engineering groups vs. standing off to the side. We are looking for team members that are required to be creative in solving problems, excited to work in new technology areas and be ready to wear multiple hats to get things done in a highly-energized, fast-paced, innovative, and collaborative startup environment. While the role will be entirely chartered towards Information Security, we are looking for leaders in the DevOps and Containerization space that have experience across all aspects of application development, including cloud, CI/CD, and containers.
- Conduct application risk assessments and facilitate threat modeling for cloud solutions
- Manage and configure static code analysis tool, including policy enforcement, automated CI/CD integration, and Open Source Software (OSS) security
- Experience with both open source and proprietary static analysis tools
- Manage and configure Container security tools, e.g. Twistlock/AquaSec, including policy enforcement and alerting
- Assist with routine API and Web Application penetration testing
- Define and roll out detailed secure coding standards and policies
- Manage and facilitate secure coding training and awareness
- Continuously improve and adapt application security program given Toyota Connected's extremely fast velocity of change to meet industry demands
- Work with Toyota's existing global cloud security organization to ensure knowledge sharing and collaboration
- You are smart and can demonstrate it
- 5 to 10 years of experience in Cybersecurity and/or Application Security
- Must have strong hands-on experience with proprietary and open source Application Security vulnerability scanning tools
- Must have strong hands-on experience with Docker and Kubernetes
- Must have Azure and/or AWS expertise
- Must have hands-on experience with APIs and Web Services, both API development and API usage
- Knowledge of key best practices, compliance standards or frameworks such as OWASP Top 10, NIST, and SANS Top 20
- Extensive experience with network security devices such as web application firewalls, API Gateways, and DDoS mitigation solutions
- Must have hands-on UNIX and shell scripting experience
- Hands-on experience (i.e. scripting) with Circle CI and/or Jenkins is a plus
- We think the knowledge acquired earning a degree in Computer Science would be of great value in this position, but if you're smart and have the experience that backs up your abilities, for us, talent trumps degree every time
What’s in it for you?
- Money. Money. Money. Mooonaaay! Great pay and bonuses.
- Unlimited time off. Seriously! You won’t run out of sick or vacation time here. You'll be treated like the professional we know you are and left to manage your own time and workload.
- Four months of parental leave. We want new moms and dads to have an opportunity to lose as much sleep at home as possible taking care of those new additions.
- 401k with generous company match that is fully vested Day One. This is the perfect plan to get you into that retirement beach house in the Bahamas.
- Yearly gym membership reimbursement. We have a Toyota Connected fit club that loves plank competitions!
- Fun game room for the gamer that lives inside you! Xbox, virtual reality, and Nintendo Switch gamers live here and are always ready for their next opponent.
- Free catered lunches. EVERY. DAY. Awesome healthy lunches catered in from different local restaurants. Fridays are “cheat” days, so you can get your carbs on!
- Two fully stocked Nespresso bars for your coffee and tea fixes.
- Two kitchens stocked full of healthy snacks including fresh fruit, almonds, mixed nuts, pretzels, trail mix, and flavored waters. Nobody is hangry here!
- Waffle Wednesdays! Fresh waffles on Wednesday afternoons to get you through Hump Day!
- Bi-weekly company happy hours so you can hang with your Toyota Connected friends while different teams share the cool technologies we are using, the awesome products we are building, and celebrate accomplishments we’ve made.
- Free covered garage parking to shield your vehicle from those sneaky storms and to protect your buns from the Texas sun
- Toyota and Lexus vehicle discounts. Buy a new Toyota or Lexus and still have a fat wallet!
- No dress code! Come as you are!
Who Are We?
Toyota Connected is a new company created to infuse the power of big data and cloud intelligence into all aspects of the mobility experience so that driving a Toyota or Lexus is more personal, intuitive and safe. We create and enable technologies that delight, simplify and connect the lives of those who use our products. We believe this mobility revolution will empower our customers to use their vehicles in an array of exciting new ways. We support, celebrate and thrive on the opportunity to provide Mobility for All.
Making a connected life a more human experience takes humans from all walks of life. Toyota Connected celebrates and is committed to a diverse and inclusive workplace that embraces you regardless of your gender, religion, sexual orientation, skin color, age, disability, military or veteran status, big shot relative, or Instagram fame. Different makes us awesome.