Job Directory Application Security Senior Analyst

Application Security Senior Analyst
Dallas, TX

Companies like
are looking for tech talent like you.

On Hired, employers apply to you with up-front salaries.
Sign up to start matching for free.


Job Description

Who we are

Collaborative. Respectful. A place to dream and do. These are just a few words that describe what life is like at Toyota. As one of the world's most admired brands, Toyota is growing and leading the future of mobility through innovative, high-quality solutions designed to enhance lives and delight those we serve. We're looking for diverse, talented team members who want to grow and challenge what's possible.

An important part of the Toyota family is Toyota Financial Services (TFS), the finance and insurance brand for Toyota and Lexus in North America. While TFS is a separate business entity, it is an essential part of this world-changing company - delivering on Toyota's vision to move people beyond what's possible. At TFS, you will help create best-in-class customer experiences in an innovative, collaborative environment.

Who we're looking for

The TFS Information Security Department is looking for a passionate and highly-motivated Application Security Senior Analyst.

The Information Security group is responsible for protecting Toyota Financial Services information assets from unauthorized disclosure, accidental or intentional loss of data, and modification. This group works to proactively identify existing and emerging risks and threats and implement strategies and mitigations for them.

This role specifically aids in that objective by working within the Vulnerability Management team to ensure applications are not introducing vulnerabilities into the environment, actively seek out vulnerabilities that may be present in the environment and guiding the developer teams to remediate the issues discovered. This role interacts with many different groups and individuals throughout the company in analyzing the information collected. Additionally, this role may aid our international affiliates with similar application security program needs when necessary.

This position is responsible for the following areas: static application code security and dynamic application testing. The application security responsibilities include: developing the application security testing program, scanning applications, manual application testing, developing and integrating the application security testing solution to the development technologies (e.g., bug trackers and development systems), supporting the development teams in remediating findings, coordinating conversations to debrief between development teams or other application security architects when necessary, and passing findings to the Risk and Vendor Security team for tracking as needed. The application testing responsibilities include the safe testing of the internal environment looking for exploitable vulnerabilities, documenting testing steps and findings to then communicate findings with remediation teams.

What you'll be doing

* Analyze industry threats and cross compare against your experience and the TFS environment to identify potential risks, develop testing plans to determine vulnerability to risks, perform tests, and identify and recommend mitigations to findings.
* Develop, own, and continuously improve the process of performing security tests on networks, applications, and computer systems.
* Perform safe and detailed security testing on applications, computers systems, and networks that are external or internal facing using manual tests and automated tools (such as: code scanning tools (dynamic/static), manual exploit testing scripts, manual application logic crawling).
* Identify, document, and clearly explain findings and recommended remediation's to found findings and potential risks to both technical remediation teams and management teams.
* Demonstrate to technology and system owners how to exploit found vulnerabilities (break into) on applications and systems when they are identified to aid teams in understanding and remediating.
* Conduct compliance hardening assessments of applications, servers, systems, and network devices to evaluate their security.
* Collaborate with development and technology teams providing recommendations to influence an enterprise mitigation strategy.
* Broadly advocate for the security of applications and systems serving as the primary internal subject matter expert and point of contact for application security questions.
* Champion new processes and deploy tools to discover weaknesses in applications.
* Create and maintain application security program roadmap
* Develop and distribute reports of findings by topic
* Capture and share lessons learned during the course of application development issue identification.
* Advocate the services and role of the security department and how it contributes to the overall goals and business strategy of TFS Technology owners.
* Get buy-in with TFS Technology owners to integrate security tests within the development workflow.
* Transfer findings to the Risk team and Vendor Security team and provide ongoing tracking and maintain ownership of finding remediation with resolution teams.

What you bring

* Associate Two-Year College Degree required
* Extensive years of relevant work experience (in similar field and/or industry)
* Wide-ranging experience in Application Security

* CISSP and/or CISM security certification required
* Experience with application security tools and practices
* Experience with software development tools and practices
* Experience with network devices and network architecture
* Experience working with large enterprise environments
* Penetration testing experience, proven with knowledge of how to do it safely
* Knowledge of programing languages and programing constructs
* Knowledge of security architecture, networking, and application security frameworks and best practices
* Strong network and infrastructure background
* Recognized ability to balance competing requirements and interests, manage multiple projects simultaneously, optimize results and effectively meet business needs while working in a highly dynamic and rapidly changing environment
* Demonstrated strong attention to detail, documentation and organizational skills
* Excellent verbal and written communication skills
* Ability to collaborate in a team setting, as well as work independently

Added bonus if you have

* Other cyber risk industry certifications
* Wide-ranging experience in Application Security
* Four-Year College Degree (BA or BS) or Masters

What we'll bring

During your interview process, our team can fill you in on all the details of our industry-leading benefits and career development opportunities. A few highlights include:

* A work environment built on teamwork, flexibility and respect
* Professional growth and development programs to help advance your career, as well as tuition reimbursement
* Vehicle purchase & lease programs
* Comprehensive health care and wellness plans for your entire family
* Flexible work options based on business needs
* Toyota 401(k) Savings Plan featuring a company match, as well as an annual retirement contribution from Toyota regardless of whether you contribute
* Paid holidays and paid time off
* Referral services related to prenatal services, adoption, child care, schools and more
* Flexible spending accounts
* Relocation assistance
* Onsite amenities such as fitness center, restaurants, etc.

What you should know

Our success begins and ends with our people. We embrace diverse perspectives and value unique human experiences. We are proud to be an equal opportunity employer that celebrates the diversity of the communities where we live and do business. Applicants for our positions are considered without regard to race, ethnicity, national origin, sex, sexual orientation, gender identity or expression, age, disability, religion, military or veteran status, or any other characteristics protected by law.

Have a question or need assistance with your application? Check out the How to Apply section of our careers page on!

Let your dream job find you.

Sign up to start matching with top companies. It’s fast and free.