Product Security Testing Engineer II

$75000 - $108300 Year

Monday to Friday

Day shift

Health insurance
Paid time off
Employee discount
Dental insurance
Vision insurance
401(k)
401(k) matching
Flexible schedule
Parental Leave
Tuition reimbursement
Flexible spending account
Retirement plan
Others

Collaborative. Respectful. A place to dream and do. These are just a few words that describe what life is like at Toyota. As one of the world’s most admired brands, Toyota is growing and leading the future of mobility through innovative, high-quality solutions designed to enhance lives and delight those we serve. We’re looking for diverse, talented team members who want to Dream. Do. Grow. with us.
To save time applying, Toyota does not offer sponsorship of job applicants for employment-based visas or any other work authorization for this position at this time.

Toyota's Cybersecurity Risk Management (CSRM) group objective is to become a global cybersecurity leader in the mobility space - with the talent, scale, and services to enable our mission of securely bringing mobility for all.

We hope you will join us in this time of transformation and be a part of defining the next-generation cybersecurity capabilities for one of the largest global companies in the world.

Who we’re looking for

Toyota’s CSRM group is looking for team members who are passionate about technology and interested in joining a collaborative and highly motivated team as a Product Security Testing Engineer II.

The primary responsibility of this role is to perform and support advanced security testing engagements for in-market and next-generation products throughout Toyota’s Connected Vehicle ecosystem.

Reporting to the Product Security Testing Senior Manager, the person in this role will join the Product Cybersecurity Group to deploy security solutions for applications in a more connected vehicle environment.

What you’ll be doing

Perform analysis of security requirements specifications and generate corresponding test specifications during the design phase of the development lifecycle.
Perform requirements verification activities ensuring that the specified security requirements have been implemented sufficiently.
Perform other testing activities including penetration testing and reverse engineering with the main goal of identifying implementation flaws throughout the connected vehicle ecosystem (mobile applications, embedded systems security hardware, firmware, and software).
Document and communicate complex technical findings and remediation guidance effectively to both technical and non-technical staff.
Research and stay up to date on new attack vectors, vulnerabilities, and exploitation techniques.
What you bring

Bachelors in EE, ME, CS, CECS, and/or Systems Engineering; advanced engineering degree preferred.
Proficient in C, C++, ARM, and/or Python (specifically for writing tools to help with tasks).
Strong knowledge of core security fundamentals and embedded security best practices (e.g., secure boot, secure debug, secure storage, secure communications).
Experience with Linux and other embedded operating systems.
Hands-on experience performing security assessments on OS or application-level of iOS/Android applications.
Experience with reverse engineering and binary analysis tools (e.g., IDA Pro, Ghidra).
Experience with on-board communication interfaces such as JTAG, SPI, UART, and SWD.
Demonstratable experience with hardware lab equipment such as oscilloscopes, logic analyzers, etc.
Added bonus if you have

Knowledge about in-vehicle automotive networking protocols (e.g. CAN, LIN).
Familiarity or experience with Fault Injection Attacks and Side Channel Analysis techniques.
Experience with vulnerability analysis using CVSS scoring and CWE types.
Practical experience with common hardware hacking tools such as Bus Pirate, JTAGulator, Chipwhisperer, etc.
Strong hardware skills such as SMD/BGA soldering, “chip-off” and reflow.
Self-education to continuously learn and invest in skills and knowledge relevant to the team and the position.
Going above and beyond by understanding the business, anticipating needs, and delivering results that meet all quality expectations.
Proactive management and creation of tasks, definitions of done, and deliverable dates for tasks requested of you and projects you manage.
Mentoring and coaching to help develop a community of peers/experts.
Experience with secure software development and/or product cybersecurity engineering standards and best practices to support the secure-by-design engineering process.
What we’ll bring

During your interview process, our team can fill you in on all the details of our industry-leading benefits and career development opportunities. A few highlights include:

A work environment built on teamwork, flexibility, and respect.
Professional growth and development programs to help advance your career, as well as tuition reimbursement.
Vehicle purchase & lease programs.
Comprehensive health care and wellness plans for your entire family.
Flextime and virtual work options (if applicable).
Toyota 401(k) Savings Plan featuring a company match, as well as an annual retirement contribution from Toyota regardless of whether you contribute.
Paid holidays and paid time off.
Referral services related to prenatal services, adoption, childcare, schools, and more.
Tax-Advantaged Accounts (Health Savings Account, Health Care FSA, Dependent Care FSA).
Belonging at Toyota

Our success begins and ends with our people. We embrace diverse perspectives and value unique human experiences. Respect for all is our North Star. Toyota is proud to have 10+ different Business Partnering Groups across 100 different North American chapter locations that support team members’ efforts to dream, do and grow without questioning that they belong. As a company that has been one of DiversityInc’s Top 50 Companies for Diversity and a member of The Billion Dollar Roundtable supporting minority and woman-owned suppliers for over 10 years, we are proud to be an equal opportunity employer that celebrates the diversity of the communities where we live and do business.



Applicants for our positions are considered without regard to race, ethnicity, national origin, sex, sexual orientation, gender identity or expression, age, disability, religion, military or veteran status, or any other characteristics protected by law.

Have a question or need assistance with your application? Please send an email to talent.acquisition@toyota.com.

Communication
Leadership
Teamwork
Interpersonal
Learning/adaptability
Self-management
Organizational
Computer
Problem solving
Open mindedness
Strong work ethic
technology
Others

Experience with secure software development

Manufacturing

On going position

In-person