Product Security Engineer- Mobile App Security

Overview
In this role, you will play a pivotal role in shaping the overall cybersecurity posture for Toyota Motor North America (TMNA). Embedded within the Product Cybersecurity Group (PCG), the Product Security Testing Team (PSTT) performs advanced security testing engagements for pre-production vehicle ecosystem for the next generation automotive solutions worldwide.

Description:
In this role, you will focus on identifying, assessing, and mitigating security risks across various platforms including APIs, mobile applications (iOS and Android), wireless protocols, and Linux systems.
The candidate will also be responsible for penetration testing, proof-of-concept exploits, reverse engineering software to uncover vulnerabilities, and assess their potential impact. We are looking for candidates who are passionate about system security and have a broader and deeper understanding of the security landscape across software, wireless networks, and APIs. Due to the nature of this position, candidates must work on-site at Toyota HQ in Plano, TX. A hybrid model may be possible for strong candidates.

Summary:

o This position’s responsibility includes:
o Conduct analysis of security requirements specifications against implementation
o Perform security assessments, and penetration testing including but not limited to mobile applications (iOS and Android), wireless security, APIs, and Linux OS
o Communicate complex technical findings, and recommending the appropriate course of action, and supporting the mitigation and re-validation efforts
o Develop skills through continuous learning and apply what you have learned relevant to emerging attack vectors, vulnerabilities, and exploits.

Requirements

<Required>

o   Bachelor’s degree (or higher) in Computer Engineering, Computer Science, Cybersecurity or related is strongly desired

o   Hand-on experience with Linux Operating Systems and shell scripting

o   Hands-on experience performing security assessment on OS or application-level of iOS/Android applications

o   Proficient in programming languages such as C/C++, Java, Swift, Kotlin, and Python

o   Knowledge of network security principles and various wireless security protocols

o   Knowledge of APIs security, and authentication protocols such as OAuth, SAML, etc.

o   Hands-on experience on testing tools such as Burp Suite, Frida, dissemblers, debuggers, dynamic instrumentations, and static code analysis

o   Strong knowledge and understanding of X.509, SSL/TLS certificate, and general certificate management process

o   Deep understanding of API security best practices

o   Strong interest to acquire and develop additional skills such as Embedded systems security fundamentals

<Preferred>

o   Understanding of hardware principles with a focus on security aspects (e.g., Hardware Security Module, Secure Boot)

o   Strong background in security engineering, various authentication, and security protocols

o   Strong understanding of Mobile OS security internals

o   Deep experience in mobile security, obfuscation techniques, and reverse engineering

o   Experience developing security testing framework and contributing to open-source projects

o   Experience working with Software Define Radio and tools development

o   Knowledge of Cloud platforms such as AWS, GCP or Azure