【１】Staff Product Security Engineer - Vehicle Software
Modern cars are an IoT device running complex, safety-critical software. Yet, their architecture has remained fundamentally unchanged for decades. What if we have an opportunity to redesign it with a software-first approach for all future Toyota cars and build an open software ecosystem with an abstraction layer so developers across the world can build software and services for autonomy, mobility, user experience and the connectivity of vehicles and physical infrastructure, with modern software tooling?
■WHO ARE WE LOOKING FOR?
The TRI-AD Security team is looking for exceptional product security engineers who will work on the new vehicle architecture and the software ecosystem. You will be expected to analyze system architecture, operating systems, networks and applications from an application security perspective. You will be expected to be skilled at discovering security issues and recommending solutions. You will participate in security audits, risk analysis, vulnerability testing and security reviews.
Help ensure TRI-AD’s products are implemented to a high security standard
Assist development teams in architecting and securing the new vehicle systems and the software ecosystem platform
Evaluate SoC vendor technologies and drive requirements on CPU, GPU, interconnect technologies
Assist the evaluation of operating systems for embedded systems
Participate threat modeling and application security reviews
Audit embedded code to identify security vulnerabilities
Identify security issues and risks, and developing mitigation plans
Evaluating and recommending new and emerging security products and technologies
Developing security tools and infrastructure
Provide expert support to product teams
Provide security training and facilitate secure development practices across the organization
【２】Application Security Engineer
The security team at TRI-AD is on the cutting edge of many challenging security problems. We identify emerging security threats in autonomous vehicles and help design more secure systems. We work closely with internal platform teams to provide a secure development environment through tooling and automation, allowing developers to innovate quickly without compromising security.
■WHO ARE WE LOOKING FOR?
We are looking for an expert Application Security Engineer with strong background in AWS Security to ensure that our services and infrastructure are designed and implemented to the highest standards. The successful candidate will have a good mix of deep technical knowledge and a demonstrated background in information security.
The scope of the role is broad; you will participate in the secure design of new services and products, vulnerability analysis of applications and devices, work with developers to resolve security issues, and build tools for security automation. You will also help improve our application security program by developing technical standards and processes which allow developers to write secure programs.
We value broad and deep technical knowledge, specifically in the fields of application security for cloud systems, operating systems, cryptography, web applications, and embedded systems.
Partner with development and operations on designing and building secure applications and infrastructure for critical TRI-AD systems. When gaps are identified, drive issues to resolution by providing in-depth advisories, building tools, or contributing code as necessary.
Create threat models and security advisory for projects across the organizations.
Improve the application security program by enhancing technical standards and guidelines to foster secure development practices.
Improve the DevSecOps program with input from the Information Security and Development teams.
Implement security automation tools to scale our security efforts.
Understand security vulnerabilities and provide relevant technical guidance for the development teams.
Recognize, adopt and install the best practices in application security fields throughout the organization: leadership, development, support, network infrastructure, policy, compliance and PR.
Communicate effectively at multiple levels of sensitivity, and multiple audiences.
【３】Security Operations Engineer
Developing software for autonomy, mobility, user experience and the connectivity of vehicles and physical infrastructure today is hard and mostly gated. Can we give developers, automotive companies and mobility innovators better tools to work with? Can we create a better software ecosystem that enables daily software deployments, excites developers that were not excited before to write software for automotive and mobility? Can we do all that while maintaining the highest standards of safety and software quality?
The TRI-AD Security team helps the company to achieve these goals by creating and maintaining the safest operating environment for TRI-AD engineers.
■WHO ARE WE LOOKING FOR?
This position supports TRI-AD security engineers and managers with security operations and incident response activities. You will be responsible for coordinating and facilitating security response activities for all TRI-AD products and services. You will drive security related issues to resolution across numerous service teams, interacting directly with those teams and other TRI-AD Security engineers.
A successful candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include small-project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties.
Proactively support knowledge sharing within the team and across the company
Participate in efforts to promote security throughout the company and build good working relationships within the team and with others across TRI-AD
Demonstrate high capacity and tolerance for extreme context switching and interruptions while remaining productive and effective
Partner with teams throughout the company
Develop pragmatic solutions that achieve business requirements while maintaining an acceptable level of risk· Security metrics delivery and improvements
Assistance with recruiting activities and administrative work
【４】Corporate Security Engineer
TRI-AD Information Security is looking for Corporate Security Engineers to ensure that our infrastructure operates to the highest standards required to maintain and enhance internal and external customer trust. If you enjoy analyzing, engineering, and architecting system services, custom services, COTS products, operating systems, networks, infrastructure applications, and you are skilled at investigating security issues and new threat scenarios, this position will provide you with a challenging opportunity to work alongside world-class talent in solving complex and far-reaching problems.
■WHO ARE WE LOOKING FOR?
A successful candidate will have a good mix of deep technical knowledge and a demonstrated background in Security Engineering and Infrastructure Engineering.
Protect the corporate infrastructure, which is comprised of Windows (Active Directory and Azure AD), MacOS, Linux, iOS and Chromebook devices by identifying threats via threat modeling and implementing countermeasures based on industry best-practices
Find technologies to identify and mitigate complex risks. Works to simplify, optimize, and prevent bottlenecks. Learn new areas quickly
Work in tandem with internal TRI-AD IT and Infrastructure Engineering teams to improve internal and external services
Respond to related security consultations and inquiries, negotiate resources, and security priorities with minimal guidance. Escalates and communicates effectively
Support large-scale security incident investigations, participate in or lead post-mortem analyses
Build and Operate security-related services for internal customers
Implement and operate company-wide security patch management program
Work with the internal Information Systems team to migrate on-premises resources to the Cloud
Develop information security policies based on best-practices with the team
Provide after-hours support for infrastructure related emergencies as well as occasional weekend maintenance
■休日：完全週休二日制, 年末年始, 土, 夏季休暇, 日