Application Security Engineer, Automated Mapping Platform

Nihonbashi, Tokyo

TRI-AD

Posted 1 month ago

COMPANY

Toyota Research Institute - Advanced Development (TRI-AD) was established in March 2018 as a $2.8 billion joint venture between Toyota Motor Corporation (TMC), Aisin Seiki Co., Ltd. (Aisin), and Denso Corporation (Denso) to develop fully-integrated, production-quality software and automated driving technology. TRI-AD is headquartered in Tokyo, Japan and aims to create a smooth software pipeline from research-to-commercialization, and strengthen the collaboration within the Toyota Group in the domains of research and advanced development. The core mission of TRI-AD is to become a world-class software and technology company and to build the safest car in the world. Attracting top talent internationally, TRI-AD has adopted English as its official language in order to facilitate collaboration and partnerships globally.

TEAM

The Automated Mapping Platform team is responsible for developing a new high definition mapping cloud platform by integrating sensor data from vehicles and global imagery from satellites. It is an open software platform based on a contribution model: participating developers accept that vehicles deploying their application or software supply anonymized sensor data to the platform. In return, every developer has easy, safe, open and sustainable access to high definition maps from across industries, fleets and car makers. One-stop-shop open APIs that allow developers to focus on building software. No need to worry about specific map implementations and maintenance, just pull down the data needed whenever it is needed.

WHO ARE WE LOOKING FOR?

We are looking for an Application Security Engineer with a background in secure software development. This is to ensure that the Automated Mapping Platform (AMP) software systems are designed and implemented to the highest standards. You will participate in the secure design of new services and products, and vulnerability analysis of applications. You will be working with AMP developers - as well as external application developers developing on our platform - to resolve security issues, and build tools for security automation. You will also help improve our application security program by developing technical standards and processes which allow developers to write secure software.
The successful candidate will have a good mix of technical knowledge and a background in information security. We value broad technical knowledge, specifically in the fields of application security for cloud systems, operating systems, cryptography, web applications, and embedded systems.

RESPONSIBILITIES

  • Partner with development and operations on designing and building secure applications for critical AMP systems. When gaps are identified, collaborate on issues to resolution by providing in-depth advisories, building tools, or contributing code as necessary
  • Implement threat modeling and application security assessments for projects across AMP
  • Partner with Woven Planet’s global security team on application security, risk management and governance efforts
  • Develop and improve the application security program for AMP by enhancing technical standards and guidelines to foster secure development practices
  • Collaborate on improving the accessibility and enforceability of security through automation, CI/CD pipelines, and other means
  • Conduct static/dynamic security testing for applications developed by AMP, as well as external developers on top of the platform, to identify vulnerabilities and security defects
  • Manage the lifecycle of vulnerabilities, from identification to remediation and reporting
  • Mentor software engineers across the AMP team and provide training on security best practices
  • Communicate effectively at multiple levels of sensitivity and to multiple audiences

MINIMUM QUALIFICATIONS

  • 3+ years of engineering experience in information security or software development
  • 1+ years of experience on an Application Security team, especially in providing security requirements, conducting risk assessment, threat modeling, and security code review
  • Hands-on experience with software development in one or more general-purpose development languages such as Python, Ruby, Go, C/C++, Java, and JavaScript
  • Experience with DevSecOps pipelines and helping convert manual processes into automated processes
  • Experience in application design, application security testing, and risk management
  • Understanding of the following technologies and concepts: Microservice Architecture, Docker, Infrastructure as Code, CI/CD pipelines, Kubernetes
  • Ability to effectively present and communicate security threats and risks to an audience, including mitigation techniques and strategies
  • A good understanding of privacy laws in multiple regions (e.g. GDPR, CCPA/CPRA, APPI) 

PREFERRED QUALIFICATIONS

  • Good knowledge of security features and mechanisms provided by AWS or GCP. AWS Certified Security or GCP Professional Cloud Security Engineer is a plus
  • Understanding of software, computer, network architectures, and cryptography usage
  • Knowledge of secure coding principles and common application security vulnerabilities, such as OWASP Top 10 and CWE Top 25 vulnerabilities
  • Knowledge of authentication protocols and frameworks, including OAuth, OpenID, SSO/SAML, and AWS IAM. Understanding of security development methodologies (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM)
  • Success in implementing effective Secure SDLC frameworks across a large corporation
  • Experience in managing application security testing tools like SAST, DAST, and Open Source Vulnerability Scanning
  • Familiarity with security and privacy frameworks (e.g. NIST-800-171)

If you are currently located outside of Japan, don't worry: we'll set up an interview over Google Hangouts Meet or Skype.
We are an equal opportunity employer and value diversity.
Job tags: Architecture Automation AWS C Cryptography Docker GDPR Go Google Java JavaScript Kubernetes NIST Open Source Python Risk assessment Ruby Security assessments Vulnerabilities
Job region(s): Asia/Pacific