The Role
Perform penetration testing on applications, cloud, infrastructure, and AI systems. Automate security assessments and communicate risks to stakeholders. Assist in secure design reviews and enhance enterprise security practices.
Summary Generated by Built In
About Woven by Toyota
Woven by Toyota is enabling Toyota’s once-in-a-century transformation into a mobility company. Inspired by a legacy of innovating for the benefit of others, our mission is to challenge the current state of mobility through human-centric innovation — expanding what “mobility” means and how it serves society.
Our work centers on four pillars: AD/ADAS, our autonomous driving and advanced driver assist technologies; Arene, our software development platform for software-defined vehicles; Woven City, a test course for mobility; and Cloud & AI, the digital infrastructure powering our collaborative foundation. Business-critical functions empower these teams to execute, and together, we’re working toward one bold goal: a world with zero accidents and enhanced well-being for all.
=========================================================================
TEAM
We are a team of experts covering software, enterprise networks, endpoints, infrastructure, identities, and cloud platforms security. We support product and solution development from R&D through productization phases including a wide variety of technology stacks and business units.
WHO ARE WE LOOKING FOR?
You have hands-on experience performing security testing (i.e. PenTest) of various systems including one or more of: application, cloud, infrastructure, identity management, AI, and other enterprise systems. You will participate in securing new products and enterprise solutions including performing secure design review, vulnerability analysis, systems testing, and building and deploying security automation. You will also help improve our enterprise security program by contributing to technical standards and processes.
RESPONSIBILITIES
- Perform hands-on security testing (i.e. PenTest) of various systems including: application, cloud, infrastructure, identity management, AI, and other enterprise systems
- Perform additional security review (including design and architecture reviews) supporting Product and Engineering teams to establish and validate security requirements in new and existing products or systems
- Develop ways to automate the assessment and validation of security controls
- Provide consultant-level communication that is effective at multiple levels of sensitivity and multiple audiences
- Report to the senior manager for Enterprise Security Services and come to the office 3x per week as per our hybrid work policy
MINIMUM QUALIFICATIONS
- Bachelor’s Degree or higher in Computer Science or related field, or equivalent work experience
- Hands-on experience performing security testing (i.e. PenTest) of various systems including one or more of: application, cloud, infrastructure, identity management, AI, and other enterprise systems
- Experience identifying and addressing security issues through design and code review, static/dynamic analysis, and other commonly used security tools and methodologies
- Knowledge of secure coding principles and common application security vulnerabilities, such as OWASP Top 10 and CWE 25 vulnerabilities
- Experience presenting and communicating security threats to non-security specialists (i.e. development teams, management, or other stakeholders)
NICE TO HAVES
- Experience in software development or DevEx work
- Experience in infrastructure security, container security, and/or CI/CD security
- Knowledge of security features and mechanisms provided by AWS or GCP. AWS Certified Security or GCP Professional Cloud Security Engineer is a plus
- Knowledge of authentication protocols and frameworks to include OAuth, OpenID, SSO/SAML, and AWS IAM
- Business-level Japanese
=========================================================================
Important Points
・All interviews will be arranged via Google Meet, unless otherwise stated.
・The same job descriptions are available in both English and Japanese; therefore, we kindly ask that you apply to only one version.
・We kindly request that you submit your resume in English, if possible. However, Japanese resumes are also acceptable. Please note that, depending on the English proficiency requirements of the role, we may request an English version of your resume later in the process.
WHAT WE OFFER
・Competitive Salary - Based on experience
・Work Hours - Flexible working time
・Paid Holiday - 20 days per year (prorated)
・Sick Leave - 6 days per year (prorated)
・Holiday - Sat & Sun, Japanese National Holidays, and other days defined by our company
・Japanese Social Insurance - Health Insurance, Pension, Workers’ Comp, and Unemployment Insurance, Long-term care insurance
・Housing Allowance
・Retirement Benefits
・Rental Cars Support
・In-house Training Program (software study/language study)
Our Commitment
・We are an equal opportunity employer and value diversity.
・Any information we receive from you will be used only in the hiring and onboarding process. Please see our privacy notice for more details.
Top Skills
AWS
Ci/Cd
GCP
Oauth
Openid
Penetration Testing
SAML
Sso
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Woven by Toyota will help to deliver the safest, most intelligent mobility experiences and lifestyle for Toyota customers everywhere. At Woven by Toyota, we envision a human-centered future, where world-class technology expands global access to mobility, enhances the capabilities of drivers, and empowers people to thrive. We achieve this with a unique global culture that weaves modern Silicon Valley innovation with Japanese quality craftsmanship. As society, technology and customer needs evolve, we continuously pursue new ways to create a more personal, seamless experience for customers.
