Embedded Security Engineer (Python, JavaScript, C, C++, IDA Pro, Ghidra)
Plano, TX (Local / ready to relocate- Hybrid work model) 75024
6+ Months+
JD:
In this role you will play a pivotal role in shaping the overall cybersecurity posture for Toyota. As a software engineer with the Product Security Team, you will be responsible for leading and developing advanced security tooling for current and forward-model systems throughout Toyota’s Connected Car ecosystem.
Responsibilities:
• Lead and perform development of security test tooling that directly supports the team’s validation and verification efforts
• Maintain and support several existing projects, improving overall code quality
• Design and develop complex software infrastructure to support DevSecOps and automated regression analysis
• Engage with other stakeholders in code reviews and audits
• Research and stay up to date on new attack vectors, vulnerabilities, and exploitation techniques
• Lead and participate in small to large-scale individual and matrix-based groups, initiatives, or mentoring others in technical/functional security areas
• Lead and participate in technology security design reviews with the ability to efficiently communicate potential issues and risks
Qualifications:
• Bachelor’s degree (or higher) in Electrical Engineering, Computer Engineering, Computer Science, Cybersecurity or related is strongly desired
• Proficient in Python, JavaScript, C and C++ development
• Experience with reverse engineering and binary analysis methods and tools (e.g., IDA Pro, Ghidra)
• Knowledge of compiler concepts, compilation lifecycle and intermediate products
• Knowledge and experience using static and dynamic binary analysis techniques
• Ability to handle tasks with significant complexity under minimal supervision requiring a high degree of technical competence
Additional Valued Attributes:
• Experience with core security concepts, embedded security best practices (e.g., secure boot, secure debug, secure storage, secure communications) and the secure development lifecycle activities
• Experience working with React or Angular is a plus
• Experience performing code audit or review efforts
• Experience working or leading in Agile development workflow
• Experience in designing, developing and debugging embedded security applications is a plus
• Familiarity with Automotive and Industry standards and best practices such at ISO-SAE 21434, SAE J3101
• Experience in security research, vulnerability generation
• Knowledge or experience with binary symbolic analysis and fuzzing frameworks (e.g., angr, BAP, AFL)
• Experience with vulnerability analysis using CVSS scoring and CWE types
• Experience with vulnerability management process (from proof-of-concept to remediation)