Application Security Engineer

Application Security Engineer

Toyota Connected is expanding our Security Team. You will be part of a highly talented Security team pioneering Information Security in one of today's most innovative and highly visible industries.  Here at Toyota Connected, Information Security is immersed in all the technology and engineering groups versus standing off to the side.  While this team will be chartered towards Information Security, we also focus heavily in the DevSecOps space, and work across all aspects of application development, including cloud, CI/CD, and containers. Protecting the privacy and data of millions of Toyota and Lexus drivers is a top priority.

The Toyota Connected team is looking for an Application Security Engineer with experience in securing large and complex Cloud application deployments.  We are looking for team members who are creative in solving problems, excited to work in new technology areas and ready to wear multiple hats to get things done in a highly energized, fast-paced, innovative, and collaborative startup environment.  

Responsibilities:

• Threat model and review all aspects of Application Security
• Implement Application Security tools like SAST, DAST, RASP
• Continuously improve and adapt security control framework given our extremely fast velocity of change to meet industry demands
• Design logging and monitoring control framework encompassing all levels in the cloud stack
• Implement, manage, monitor and troubleshoot cybersecurity defenses, including network security, systems security, configuration management and monitoring systems/tools.
• Develop automation scripts for better security controls and drive efficiencies.
• Assist with Security Incident response and investigation and prepare reports on findings and recommendations for management.
• Work with IT and Operations team members to implement and deploy threat detection and mitigation solutions to improve event/incident response capabilities and overall cybersecurity readiness.
• Assist with threat and risk reporting
• Work with Toyota's existing global cloud security organization to ensure knowledge sharing and collaboration 

Qualifications:

• 3+ years of experience in Application security
• Experience in public cloud security in AWS, Azure or GCP is a plus.
• Hands-on experience LINUX / UNIX and scripting (Bash, Python, and/or Powershell)
• Experience using and implementing modern application security concepts
• Demonstrated skills in one or more solutions such as API Security, WAF, Vulnerability Scanning, Networking or CI/CD
• Demonstrates problem-solving, troubleshooting, and decision-making skills
• Ability to develop healthy working relationships and collaborate with peers and leaders
• Ability to work collaboratively in teams and develop meaningful relationships to achieve common goals
• Ability to learn and apply new technologies, security tools, and security best practices
• Effective verbal and written communication skills
• Experience with Kubernetes, Gitlab, Dome9, Sonarqube or Okta is a plus
• Relevant industry certifications including, but not limited to, SANS, Cisco CCNA, ISC2,  OSCP, AWS Architect, etc are a plus