Enterprise Security PenTest Engineer

About Woven by Toyota

Woven by Toyota is enabling Toyota’s once-in-a-century transformation into a mobility company. Inspired by a legacy of innovating for the benefit of others, our mission is to challenge the current state of mobility through human-centric innovation — expanding what “mobility” means and how it serves society.

Our work centers on four pillars: AD/ADAS, our autonomous driving and advanced driver assist technologies; Arene, our software development platform for software-defined vehicles; Woven City, a test course for mobility; and Cloud & AI, the digital infrastructure powering our collaborative foundation. Business-critical functions empower these teams to execute, and together, we’re working toward one bold goal: a world with zero accidents and enhanced well-being for all.

TEAM

We are a team of experts covering software, enterprise networks, endpoints, infrastructure, identities, and cloud platforms security. We support product and solution development from R&D through productization phases including a wide variety of technology stacks and business units.

WHO ARE WE LOOKING FOR?

You have hands-on experience performing security testing (i.e. PenTest) of various systems including one or more of: application, cloud, infrastructure, identity management, AI, and other enterprise systems. You will participate in securing new products and enterprise solutions including performing secure design review, vulnerability analysis, systems testing, and building and deploying security automation. You will also help improve our enterprise security program by contributing to technical standards and processes.

RESPONSIBILITIES

• Perform hands-on security testing (i.e. PenTest) of various systems including: application, cloud, infrastructure, identity management, AI, and other enterprise systems
• Perform additional security review (including design and architecture reviews) supporting Product and Engineering teams to establish and validate security requirements in new and existing products or systems
• Develop ways to automate the assessment and validation of security controls
• Provide consultant-level communication that is effective at multiple levels of sensitivity and multiple audiences
• Report to the senior manager for Enterprise Security Services and come to the office 3x per week as per our hybrid work policy

MINIMUM QUALIFICATIONS

• Bachelor’s Degree or higher in Computer Science or related field, or equivalent work experience
• Hands-on experience performing security testing (i.e. PenTest) of various systems including one or more of: application, cloud, infrastructure, identity management, AI, and other enterprise systems
• Experience identifying and addressing security issues through design and code review, static/dynamic analysis, and other commonly used security tools and methodologies
• Knowledge of secure coding principles and common application security vulnerabilities, such as OWASP Top 10 and CWE 25 vulnerabilities
• Experience presenting and communicating security threats to non-security specialists (i.e. development teams, management, or other stakeholders)

NICE TO HAVES

• Experience in software development or DevEx work
• Experience in infrastructure security, container security, and/or CI/CD security
• Knowledge of security features and mechanisms provided by AWS or GCP. AWS Certified Security or GCP Professional Cloud Security Engineer is a plus
• Knowledge of authentication protocols and frameworks to include OAuth, OpenID, SSO/SAML, and AWS IAM
• Business-level Japanese

Important Points

・All interviews will be arranged via Google Meet, unless otherwise stated.

・The same job descriptions are available in both English and Japanese; therefore, we kindly ask that you apply to only one version.

・We kindly request that you submit your resume in English, if possible. However, Japanese resumes are also acceptable. Please note that, depending on the English proficiency requirements of the role, we may request an English version of your resume later in the process.

WHAT WE OFFER

・Competitive Salary - Based on experience

・Work Hours - Flexible working time

・Paid Holiday - 20 days per year (prorated)

・Sick Leave - 6 days per year (prorated)

・Holiday - Sat & Sun, Japanese National Holidays, and other days defined by our company

・Japanese Social Insurance - Health Insurance, Pension, Workers’ Comp, and Unemployment Insurance, Long-term care insurance

・Housing Allowance

・Retirement Benefits

・Rental Cars Support

・In-house Training Program (software study/language study)

Our Commitment

・We are an equal opportunity employer and value diversity.

・Any information we receive from you will be used only in the hiring and onboarding process. Please see our privacy notice for more details.