ABOUT WOVEN PLANET GROUP
Woven Planet Group (Woven Planet) represents a carefully curated blend of expertise and resources dedicated to bringing the vision of “Mobility to Love, Safety to Live” to life. Through innovations and investments in automated driving, robotics, smart cities, and more, we are transforming how humankind lives, works, and moves. We exist to design, build, and deliver secure, connected, and sustainable mobility solutions that benefit all people worldwide. Founded in 2018 as Toyota Research Institute - Advanced Development (TRI-AD), Woven Planet is composed of four complementary companies: Woven Planet Holdings, Woven Core, Woven Alpha, and Woven Capital.
The security team at Woven Planet is on the cutting edge of many challenging security problems. We identify emerging security threats in autonomous vehicles and help design more secure systems. We work closely with internal platform teams to provide a secure development environment through tooling and automation, allowing developers to innovate quickly without compromising security.
WHO ARE WE LOOKING FOR?
We are looking for an expert Application Security Engineer with a strong background in secure software development to ensure that our software systems are designed and implemented to the highest standards. The scope of the role is broad; you will participate in the secure design of new services and products, vulnerability analysis of applications, work with developers to resolve security issues, and build tools for security automation. You will also help improve our application security program by developing technical standards and processes which allow developers to write secure software.
The successful candidate will have a good mix of deep technical knowledge and a demonstrated background in information security. We value broad and deep technical knowledge, specifically in the fields of application security for cloud systems, operating systems, cryptography, web applications, and embedded systems.
RESPONSIBILITIESPartner with development and operations on designing and building secure applications for critical Woven Planet systems. When gaps are identified, drive issues to resolution by providing in-depth advisories, building tools, or contributing code as necessary. Perform threat modeling and application security assessments for projects across the organizations.Improve the application security program by enhancing technical standards and guidelines to foster secure development practices.Improve the accessibility and enforceability of security through automation, CI/CD pipelines, and other means.Perform static/dynamic security testing for applications developed by Woven Planet to identify vulnerabilities and security defects. Manage the lifecycle of vulnerabilities, from identification to remediation and reporting.Mentor software engineers and provide training on security best practices.Communicate effectively at multiple levels of sensitivity, and multiple audiences.
PREFERRED QUALIFICATIONSGood knowledge of security features and mechanisms provided by AWS or GCP. AWS Certified Security or GCP Professional Cloud Security Engineer is a plus.Deep knowledge of authentication protocols and frameworks to include OAuth, OpenID, SSO/SAML, and AWS IAM.Experience implementing DevSecOps pipelines and converting manual processes into automated processes.Success in implementing effective Secure SDLC frameworks across a large corporation.Experience in managing application security testing tools like SAST, DAST, and Open Source Vulnerability Scanning. Good understanding of the following technologies and concepts: Microservice Architecture, Docker, Infrastructure as Code, CI/CD pipelines, Kubernetes.Familiarity with security and privacy frameworks and regulations (e.g. SOC, PCI-DSS, ISO, GDPR, CCPA)
If you are currently located outside of Japan, don't worry, we'll set an interview over Google Hangout Meet or Skype.