Software Security Engineer

Programming languages: C, C++, ARM and/or Python

Cybersecurity: Fundamental security concepts (e.g., cryptography, encryption), evaluating system security based on standard controls (e.g., SELinux), identifying software security issues and vulnerabilities

Embedded/Firmware: Embedded security features (e.g., Secure Boot), Linux and other embedded operating systems

Reverse engineering and binary analysis tools (e.g., IDA Pro, Ghidra)

Interview process –
30 minutes of technical STAR/video interview with the team members

60 minutes of technical and behavioral STAR/video interview with the Hiring Manager and team members

Possibly an in-person interview with the Hiring Manager and the team

Role: Red Team Software Security Engineer

Overview

In this role you will play a pivotal role in shaping the overall cybersecurity posture for Toyota Motor North America (TMNA). Embedded within the Product Cybersecurity Group (PCG), the Product Security Testing Team (PSTT) performs advanced security testing engagements for pre-production automotive solutions worldwide.

In this role, you will be analyzing embedded system security, developing tools and proof-of-concept exploits and reverse engineering software from bootloaders to userland applications. We are looking for candidates who are passionate about system security and understand the landscape of software security defenses and features.

Due to the nature of this position, candidates must work on-site at Plano, TX. A hybrid model may be possible for strong candidates.

Responsibilities

Perform analysis of security requirements specifications against implementation

Execute penetration testing and reverse engineering of software and firmware

Communicate complex technical findings, remediation guidance and recommendations

Develop skills through research on new attack vectors, vulnerabilities, and exploits
Requirements

Qualifications:

Bachelor’s degree (or higher) in Computer Engineering, Computer Science, Cybersecurity or related is strongly desired

Proficient in C, C++, ARM and/or Python (specifically for writing tools to help tasks)

Knowledge of core, fundamental security concepts (e.g., cryptography, encryption)

Knowledge of embedded security features and best practices (e.g., Secure Boot

Experience with Linux and other embedded operating systems

Experience with reverse engineering and binary analysis tools (e.g., IDA Pro, Ghidra)

Experience evaluating system security based on standard controls (e.g., SELinux)

Additional Valued Attributes

Knowledge of software fuzzing techniques and solutions (e.g., BAP, AFL)

Knowledge of symbolic execution and other advanced binary analyses (e.g. angr)

Experience with vulnerability analysis using CVSS scoring and CWE types

Experience in penetration testing and requirements verification

Experience in performing code audit or assessments