In this role, you will focus on identifying, assessing, and mitigating security risks across various platforms including APIs, mobile applications (iOS and Android), wireless protocols, and Linux systems.
The candidate will also be responsible for penetration testing, proof-of-concept exploits, reverse engineering software to uncover vulnerabilities, and assess their potential impact. We are looking for candidates who are passionate about system security and have a broader and deeper understanding of the security landscape across software, wireless networks, and APIs. Due to the nature of this position, candidates must work on-site at Toyota HQ in Plano, TX. A hybrid model may be possible for strong candidates.
This position’s responsibility includes:
- Conduct analysis of security requirements specifications against implementation.
- Perform security assessments, and penetration testing including but not limited to mobile applications (iOS and Android), wireless security, APIs, and Linux OS.
- Communicate complex technical findings, and recommending the appropriate course of action, and supporting the mitigation and re-validation efforts.
- Develop skills through continuous learning and apply what you have learned relevant to emerging attack vectors, vulnerabilities, and exploits.
Required
- Bachelor’s degree (or higher) in Computer Engineering, Computer Science, Cybersecurity or related is strongly desired.
- Hand-on experience with Linux Operating Systems and shell scripting.
- Hands-on experience performing security assessment on OS or application-level of iOS/Android applications.
- Proficient in programming languages such as C/C++, Java, Swift, Kotlin, and Python.
- Knowledge of network security principles and various wireless security protocols.
- Knowledge of APIs security, and authentication protocols such as OAuth, SAML, etc.
- Hands-on experience on testing tools such as Burp Suite, Frida, dissemblers, debuggers, dynamic instrumentations, and static code analysis.
- Strong knowledge and understanding of X.509, SSL/TLS certificate, and general certificate management process.
- Deep understanding of API security best practices.
- Strong interest to acquire and develop additional skills such as Embedded systems security fundamentals.