Application Security Consultant
Collin County, TX
Collaborative. Respectful. A place to dream and do. These are just a few words that describe what life is like at Toyota. As one of the world's most admired brands, Toyota is growing and leading the future of mobility through innovative, high-quality solutions designed to enhance lives and delight those we serve. We're looking for diverse, talented team members who want to Dream. Do. Grow. with us.
Who we're looking for
The Global Information Security Operations group is responsible for protecting Toyota Financial Services (TFS) Group information assets from unauthorized disclosure, accidental or intentional loss of data, and modification. This group works to proactively identify existing and emerging risks and threats and implement strategies and mitigations. Additionally, this team works to implement security services that can be shared across the TFS Group companies (38) to elevate security and protect the brand globally.
The Application Security Consultant will be a part of the Global Information Security Operations team focusing on integrating security into the software development lifecycle, CI/CD, and DevOps processes; building, running, and refining the application security and secure code quality program; and performing internal threat hunting/penetration testing. This role also supports our affiliated international TFS Group companies with the establishment of their application security programs, and runs the shared service offering for application scanning available to the TFS Group affiliates. The Application Security Consultant will work closely with application and system teams (across in house development, commercial software, open source, cloud development, mobile app, and hosted services) to understand threats, scan for vulnerabilities (static/dynamic), pen-test, diagnose issues, document and explain findings to developers/technology and product owners/leadership, and assist in development of remediation plans for application security vulnerabilities or identified risks.
The Application Security Consultant will be a self-directing, highly organized, exceptionally effective communicator (verbal and written) who can build rapport with technologists and business leaders alike. This Consultant will be able to perform safe and detailed security testing, clearly articulate found issues in documentation, hold self and others accountable to resolve issues, educate on best practices, stay current on emerging trends, build and refine the application security program, and manage service providers (application security technology and resource providers) to ensure acceptable services.
What you'll be doing
- Build and refine the application security program, including a roadmap identifying areas for the program to grow and the technologies and people resources that will be needed over time. Collaborate with development teams and TFS Group companies to develop well-rounded plans to meet the roadmap requirements.
- Manage the technology platforms and service provider companies used by the application security program, ensuring they are kept current and capable of identifying current threats, and that providers perform to service level expectations.
- Lead and implement application security roadmap initiatives; collaborate and drive inclusion in initiatives across technology teams and TFS Group companies.
- Build automation into the program enabling automated security controls testing for the application security controls.
- Analyze, identify, document, and clearly explain findings to both technical remediation teams and management teams.
- Track (to resolution) and report on open vulnerabilities, risks, and findings to development teams, system / product owners, and security and technology leadership on a routine basis.
- Build, run and continuously refine the application security and secure code quality program, including development of key performance indicators (KPIs) and tracking of program effectiveness.
- Routinely perform lessons learned to iteratively improve the program.
- Lead contracted and service provider resources to deliver the application security program as defined.
- Integrate security, through collaboration and influence, into the software development lifecycle, CI/CD, and DevOps processes, ensuring automated scanning and secure gate checks as applications move through the pipeline.
- Perform safe and detailed security testing / penetration testing on applications, computer systems, and networks that are external or internal facing, using manual tests and automated tools (such as code scanning tools (dynamic/static), manual exploit testing scripts, and manual application logic crawling).
- Assess and test the security of cloud hosted (e.g., AWS) systems in private cloud, identifying vulnerabilities and risks. Document findings and escalate to responsible resolution teams.
- Analyze industry threats and cross compare against your experience and the TFS environment to identify potential risks, develop testing plans to determine vulnerability to risks, perform tests, and identify and provide guidance on mitigation strategies.
- Demonstrate to technology and system owners how to exploit found vulnerabilities (break into) on applications and systems when they are identified to aid teams in understanding and remediating.
- Conduct compliance hardening assessments of applications, servers, systems, and network devices to evaluate their security.
- Collaborate with development and technology teams providing recommendations to influence an enterprise mitigation strategy.
- Skills necessary to take on multiple work efforts/initiatives, operational or project related, while maintaining high-quality product delivery.
- Excellent collaboration, communication, negotiation and relationship-building skills for working across many different technology delivery teams.
- Excellent verbal/written presentation skills and ability to communicate challenging technical findings to audiences of varying technical skill and leadership levels.
What you bring
- Bachelor's degree or higher in Computer Science or Information Security
- Experience working in a security development and production code environment
- Experience, skills and knowledge in software development methodologies, programming and programming constructs, with high proficiency in at least one language
- Experience, skills and knowledge of security architecture, networking, and security frameworks and best practices (e.g. NIST standards, CIS, ISO, OWASP, SANS)
- Experience and understanding of continuous integration / continuous development and working within automated CI/CD and DevSecOps models
- Experience with application security tools and practices
- Experience with performing code reviews and safe penetration testing
Added bonus if you have
- CISSP and/or CISM security certification
- Certified Ethical Hacker (CEH) and/or GIAC Penetration Tester (GPEN) and/or Certified Forensic Examiner (GCFE) and/or Offensive Security Certified Professional (OSCP), and/or other Offensive Security certifications
- Other application security / development industry certifications
What we'll bring
During your interview process, our team can fill you in on all the details of our industry-leading benefits and career development opportunities. A few highlights include:
- A work environment built on teamwork, flexibility and respect
- Professional growth and development programs to help advance your career, as well as tuition reimbursement
- Vehicle purchase & lease programs
- Comprehensive health care and wellness plans for your entire family
- Flextime and virtual work options (if applicable)
- Toyota 401(k) Savings Plan featuring a company match, as well as an annual retirement contribution from Toyota regardless of whether you contribute
- Paid holidays and paid time off
- Referral services related to prenatal services, adoption, child care, schools and more
- Flexible spending accounts
- Relocation assistance (if applicable)
What you should know
Our success begins and ends with our people. We embrace diverse perspectives and value unique human experiences. We are proud to be an equal opportunity employer that celebrates the diversity of the communities where we live and do business. Applicants for our positions are considered without regard to race, ethnicity, national origin, sex, sexual orientation, gender identity or expression, age, disability, religion, military or veteran status, or any other characteristics protected by law.
Have a question or need assistance with your application? Check out the How to Apply section of our careers page on Toyota.com.