Red Team Embedded Security Engineer
About TTS-US
Founded in 2011, Toyota Tsusho Systems US, Inc. (TTS-US) is a global technology company that develops and provides cybersecurity and technology services, and builds solutions focused on defending critical networks. Based in Plano, Texas TTS-US, a Toyota group company, has rapidly transformed itself into a technology and mobility establishment and a leading provider of IT security, including network security, endpoint security, cloud security, cloud workload, mobile security, data security, and security management in addition to threat intelligence, and cyberattack response services.
Overview:
Embedded within the Product Cybersecurity Group (PCG), the Product Security Testing Team (PSTT) performs advanced security testing engagements for pre-production automotive solutions worldwide.
In this role, you will be analyzing embedded system security, developing tools and proof-of-concept exploits and reverse engineering software from bootloaders to userland applications. We are looking for candidates who are passionate about system security and understand the landscape of software security defenses and features.
Responsibilities:
- Perform analysis of security requirements specifications against implementation
- Execute penetration testing and reverse engineering of software and firmware
- Communicate complex technical findings, remediation guidance and recommendations
- Develop skills through research on new attack vectors, vulnerabilities, and exploits
Qualifications:
- Bachelor’s degree (or higher) in Computer Engineering, Computer Science, Cybersecurity or related is strongly desired
- Proficient in C, C++, ARM and/or Python (specifically for writing tools to help tasks)
- Knowledge of core, fundamental security concepts (e.g., cryptography, encryption)
- Knowledge of embedded security features and best practices (e.g., Secure Boot)
- Experience with Linux and other embedded operating systems
- Experience with reverse engineering and binary analysis tools (e.g., IDA Pro, Ghidra)
- Experience evaluating system security based on standard controls (e.g., SELinux)
- Experience with identifying software security issues and vulnerabilities
Additional Valued Attributes:
- Knowledge of software fuzzing techniques and solutions (e.g., BAP, AFL)
- Knowledge of symbolic execution and other advanced binary analyses (e.g. angr)
- Experience with vulnerability analysis using CVSS scoring and CWE types
- Experience in penetration testing and requirements verification
- Experience in performing code audit or assessments