Product Security Engineer

Product Security Engineer- Mobile App SecurityPlano, Texas (Hybrid)DescriptionOverviewIn this role, you will play a pivotal role in shaping the overall cybersecurity posture for Toyota Motor North America (TMNA). Embedded within the Product Cybersecurity Group (PCG), the Product Security Testing Team (PSTT) performs advanced security testing engagements for pre-production vehicle ecosystem for the next generation automotive solutions worldwide.Description:In this role, you will focus on identifying, assessing, and mitigating security risks across various platforms including APIs, mobile applications (iOS and Android), wireless protocols, and Linux systems.The candidate will also be responsible for penetration testing, proof-of-concept exploits, reverse engineering software to uncover vulnerabilities, and assess their potential impact. We are looking for candidates who are passionate about system security and have a broader and deeper understanding of the security landscape across software, wireless networks, and APIs. Due to the nature of this position, candidates must work on-site at Toyota HQ in Plano, TX. A hybrid model may be possible for strong candidates.Summary:o This positions responsibility includes:o Conduct analysis of security requirements specifications against implementationo Perform security assessments, and penetration testing including but not limited to mobile applications (iOS and Android), wireless security, APIs, and Linux OSo Communicate complex technical findings, and recommending the appropriate course of action, and supporting the mitigation and re-validation effortso Develop skills through continuous learning and apply what you have learned relevant to emerging attack vectors, vulnerabilities, and exploits.Requirementso Bachelors degree (or higher) in Computer Engineering, Computer Science, Cybersecurity or related is strongly desiredo Hand-on experience with Linux Operating Systems and shell scriptingo Hands-on experience performing security assessment on OS or application-level of iOS/Android applicationso Proficient in programming languages such as C/C++, Java, Swift, Kotlin, and Pythono Knowledge of network security principles and various wireless security protocolso Knowledge of APIs security, and authentication protocols such as OAuth, SAML, etc.o Hands-on experience on testing tools such as Burp Suite, Frida, dissemblers, debuggers, dynamic instrumentations, and static code analysiso Strong knowledge and understanding of X.509, SSL/TLS certificate, and general certificate management processo Deep understanding of API security best practiceso Strong interest to acquire and develop additional skills such as Embedded systems security fundamentalso Understanding of hardware principles with a focus on security aspects (e.g., Hardware Security Module, Secure Boot)o Strong background in security engineering, various authentication, and security protocolso Strong understanding of Mobile OS security internalso Deep experience in mobile security, obfuscation techniques, and reverse engineeringo Experience developing security testing framework and contributing to open-source projectso Experience working with Software Define Radio and tools developmento Knowledge of Cloud platforms such as AWS, GCP or Azure