Senior Security Engineer, Woven City Vulnerability Management

Tokyo
Woven City – Engineering Hub /
Employee /
Hybrid
Apply for this job
About Woven by Toyota
Woven by Toyota is enabling Toyota’s once-in-a-century transformation into a mobility company. Inspired by a legacy of innovating for the benefit of others, our mission is to challenge the current state of mobility through human-centric innovation — expanding what “mobility” means and how it serves society.

Our work centers on four pillars: AD/ADAS, our autonomous driving and advanced driver assist technologies; Arene, our software development platform for software-defined vehicles; Woven City, a test course for mobility; and Cloud & AI, the digital infrastructure powering our collaborative foundation. Business-critical functions empower these teams to execute, and together, we’re working toward one bold goal: a world with zero accidents and enhanced well-being for all.

=========================================================================

TEAM
Toyota is redefining what it means to move. We're challenging the current state of mobility by enhancing the movement of people, goods, information and energy. Centered around three core concepts - A Living Laboratory™, Human-Centered, and Ever Evolving City™ - Woven City serves as a test course for mobility to fulfill our purpose of well-being for all.

We do this by bringing together a diverse community of people with a shared passion for the future of mobility to co-create, develop and refine innovative products and services. This cross-section of social infrastructure, mobility, and people provides a unique opportunity for inventors, residents and visitors to interact seamlessly with new technologies throughout daily life in an environment that emulates a real city.

The Engineering Hub Function leads technical cross-functional activities from the entire "Woven City" perspective. It creates policies and supports service development from quality management. Our team, as one of sub-Function of Engineering Hub, supports internal developers in terms of cybersecurity and its operation. We make policies and guidelines for cybersecurity risk management, advise developers, and lecture software designers and product operators on conducting risk assessment based on the corporate risk control framework, as well as develop key cybersecurity services.

We are seeking a talented vulnerability manager to join us as we take on new challenges to create new products and services for the Toyota Woven City. This position will work closely with the Woven City Product Security team  and product teams. 

For more information about Woven City, please visit: https://www.woven-city.global/


WHO ARE WE LOOKING FOR?
We are seeking a highly motivated and technically skilled Security Engineer to define and mature the vulnerability management function for Woven City cybersecurity operations. The ideal candidate has a deep understanding of vulnerability lifecycle management across diverse environments—cloud, enterprise, OT/ICS, IoT, and product ecosystems—and can drive cross-functional alignment across Infrastructure, Service, and Product teams.

This role will be responsible for designing, implementing, and scaling a city-wide vulnerability management program to improve security posture and reduce risk exposure in critical systems. This role will be hybrid remote and in office.

RESPONSIBILITIES

    • Define, develop and operationalize security processes and technology to reduce vulnerability exposure for Woven City
    • Work closely with governance and risk management to ensure that vulnerabilities are recorded, tracked, and remediated
    • Coordinate with product teams to identify and remediate vulnerabilities across products and services
    • Develop, measure, and report compliance with related vulnerability-related standards
    • Measure & report the state of the business to product owners and stakeholders at regularly defined intervals
    • Assist in hiring and mentorship of engineers working on vulnerability management

MINIMUM QUALIFICATIONS

    • 5+ years of experience in cybersecurity, with 3+ years in a vulnerability management or risk-focused leadership role
    • Strong understanding of vulnerability scanning tools, asset management, and patch management processes
    • Experience with two or more tech stacks, such as cloud environments (AWS/GCP), enterprise IT, IoT, ICS/OT, Kubernetes, and containerized workloads
    • Demonstrated ability to manage large cross-functional projects and influence across departments
    • Experience working with DevSecOps pipelines, integrating security into CI/CD
    • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field, or equivalent experience
    • Familiarity with CVE, CVSS, EPSS, and industry vulnerability frameworks (e.g., NIST 800-40, ISO 27001, MITRE ATT&CK)

NICE TO HAVES

    • Smart City or other highly heterogeneous technical environment (e.g., integration of IoT, ICS, and Cloud)
    • Knowledge of compliance standards (e.g., NIST CSF, IEC 62443, GDPR, ISO 27019)
    • Experience with governance document creation (SOPs, Policies, Standards, and Playbooks)
    • Relevant Security certifications (e.g., CISSP, CISM, OSCP, GIAC, CRISC, or vendor-specific credentials like AWS Security Specialty)
    • Excellent written and verbal communication skills
=========================================================================
Important Points
・All interviews will be arranged via Google Meet, unless otherwise stated.
・The same job descriptions are available in both English and Japanese; therefore, we kindly ask that you apply to only one version.
・We kindly request that you submit your resume in English, if possible. However, Japanese resumes are also acceptable. Please note that, depending on the English proficiency requirements of the role, we may request an English version of your resume later in the process.

WHAT WE OFFER
・Competitive Salary - Based on experience
・Work Hours - Flexible working time
・Paid Holiday - 20 days per year (prorated)
・Sick Leave - 6 days per year (prorated)
・Holiday - Sat & Sun, Japanese National Holidays, and other days defined by our company
・Japanese Social Insurance - Health Insurance, Pension, Workers’ Comp, and Unemployment Insurance, Long-term care insurance
・Housing Allowance
・Retirement Benefits
・Rental Cars Support
・In-house Training Program (software study/language study)

Our Commitment
・We are an equal opportunity employer and value diversity.
・Any information we receive from you will be used only in the hiring and onboarding process. Please see our privacy notice for more details.
Apply for this job

Woven by Toyota Home Page

Jobs powered by Lever logo