Senior Application Security Engineer

Tokyo / Product & Technology – Cybersecurity / Employee / Hybrid
Woven by Toyota is the mobility technology subsidiary of Toyota Motor Corporation. Our mission is to deliver safe, intelligent, human-centered mobility for all. Through our Arene mobility software platform, safety-first automated driving technology and Toyota Woven City — our test course for advanced mobility — we’re bringing greater freedom, safety and happiness to people and society. 

Our unique global culture weaves modern Silicon Valley innovation and time-tested Japanese quality craftsmanship. We leverage these complementary strengths to amplify the capabilities of drivers, foster happiness, and elevate well-being.

TEAM
The Application Security team at Woven by Toyota works on the latest of many challenging security problems. We identify new security threats, preferred secure system design patterns, and security mitigations and remediation in the out-vehicle and vehicle-connected systems that support autonomous vehicles, smart city technology, and more! We work with internal Product, Platform, and DevOps teams to provide a secure development environment through tooling and automation, allowing developers to improve quickly without compromising security.

WHO ARE WE LOOKING FOR
We are looking for a Senior Application Security Engineer with a background in secure software development to ensure that our software systems are designed and implemented to the highest standards. The role scope is broad; you will lead the secure design of new services and products, perform vulnerability analysis of applications, work with developers to resolve security issues, and build tools for security automation. You will also continuously improve our application security program by developing technical standards and processes which allow developers to write secure software.

You will have a good mix of deep technical experience in information security. We value broad and deep technical knowledge, specifically in the fields of application security for cloud platforms, operating systems, cryptography, web applications, CI/CD, and IoT / embedded systems. This is a hybrid role requiring your presence onsite several days per week, where you will report to the Manager of the Application Security Consulting team.

RESPONSIBILITIES:

    • Consult with development and operations teams to create secure applications for our important systems
    • Identify and recommend the appropriate process and technology improvements to resolve security gaps
    • Lead threat modeling and security assessments for different projects across the organization
    • Enhance the application security program by refining technical standards for secure development practices
    • Improve security accessibility and enforceability through automation, CI/CD pipelines, and other methods
    • Conduct static/dynamic security tests on Woven by Toyota applications to pinpoint vulnerabilities and security flaws
    • Communicate across different sensitivity levels and to diverse audiences

MINIMUM QUALIFICATIONS:

    • 5+ years of comprehensive engineering experience in information security or software development
    • Over 3 years specializing in Application Security team roles, involving security requirements provision, risk assessment, threat modeling & security code review. Equivalent experience in software development may be considered as well.
    • Expertise with software, computer, and network architectures, alongside practical cryptography applications
    • Hands-on coding experience in general-purpose languages like Python, Ruby, Go, C/C++, Java, & JavaScript
    • Familiarity with different Security methodologies (e.g., Microsoft SDL, OWASP SAMM, BSIMM)
    • Profound knowledge of secure coding principles, along with expertise in common application security vulnerabilities such as OWASP Top 10 & CWE Top 25
    • Proficient in large-scale application design, security testing, & risk management
    • Communicate security risks to diverse audiences while highlighting mitigation techniques and strategies

NICE TO HAVES:

    • Proficient in security features and mechanisms offered by AWS or GCP; AWS Certified Security or GCP Professional Cloud Security Engineer certification is advantageous
    • In-depth knowledge of authentication protocols and frameworks including OAuth, OpenID, SSO/SAML, and AWS IAM
    • Experience in DevSecOps, automating manual processes into DevSecOps pipelines
    • Secure SDLC framework implementation within a large corporation
    • Proficiency in managing application security testing tools like SAST, DAST, and Open Source Vulnerability Scanning
    • Understanding of technologies and concepts: Microservice Architecture, Docker, Infrastructure as Code, CI/CD pipelines, Kubernetes
    • Familiarity with security and privacy frameworks and regulations such as SOC, PCI-DSS, ISO, GDPR, CCPA

If you are located outside of Japan, we will set up an interview over Google Hangout Meet.

WHAT WE OFFER
・Competitive Salary - Based on experience
・Work Hours - Flexible working time with NO core-hours
・Paid Holiday - 20 days per year (prorated)
・Sick Leave - 6 days per year (prorated)
・Holiday - Sat & Sun, Japanese National Holidays, and other days defined by our company
・Japanese Social Security - all applicable (Health Insurance, Pension, Workers’ Comp, and Unemployment Insurance, Long-term care insurance)
・In-house Training Program (software study/language study)

By submitting your application you agree to the following terms: https://woven.toyota/en/applicant-privacy-notice

Our Commitment
・We are an equal opportunity employer and value diversity.
・We pledge that any information we receive from you will be used ONLY for the purpose of hiring assessment.