Toyota Research Institute

At Toyota Research Institute (TRI), we’re working to build a future where everyone has the freedom to move, engage, and explore with a focus on reducing vehicle collisions, injuries, and fatalities. Join us in our mission to improve the quality of human life through advances in artificial intelligence, automated driving, robotics, and materials science. We’re dedicated to building a world of “mobility for all” where everyone, regardless of age or ability, can live in harmony with technology to enjoy a better life. Through innovations in AI, we’ll…

– Develop vehicles incapable of causing a crash, regardless of the actions of the driver.
– Develop technology for vehicles and robots to help people enjoy new levels of independence, access, and mobility.
– Bring advanced mobility technology to market faster.
– Discover new materials that will make batteries and hydrogen fuel cells smaller, lighter, less expensive, and more powerful.

Our work is guided by a dedication to safety – in how we research, develop, and validate the performance of vehicle technology to benefit society. As a subsidiary of Toyota, TRI is fueled by a diverse and inclusive community of people who carry invaluable leadership, experience, and ideas from industry-leading companies. Over half of our technical team carries Ph.D. degrees. We’re continually searching for the world’s best talent ‒ people who are ready to define the new world of mobility with us!

We strive to build a company that helps our people thrive, achieve work-life balance, and bring their best selves to work. At TRI, you will have the opportunity to enjoy the best of both worlds ‒ a fun start-up environment with brilliant people who enjoy solving tough problems and the financial backing to successfully achieve our goals. Come work with TRI if you’re interested in transforming mobility through designing safer cars, enabling the elderly to age in place, or designing alternative fuel sources. Start your impossible with us.

Responsibilities:
Escalate Events & Incident Response
Review incident logs from Crowdstrike and G-Suite for marked spam, phishing, etc, to ensure new domains are investigated and blocked, on G-Suite and on the Palo altos
Investigate and recommend remediation in an incident report to help address impacted users/devices
Assist team members or lead-in issue resolution
Ability to respond to incidents and detail them
Internal usage for new software and Software-as-a-Service security assessments
Review new internal software and Software-as-a-Service security assessment asks, Document and evaluate the use case and enable the requestor with options if the requested software isn’t secure or not recommended by InfoSec
Provide security assessment on application architecture when requested covering, transport layer design, identity, and data design to ensure proper security controls are enabled
Detailed Third-party review with NIST, CIS and ISO, CMMC controls and document it and manage the lifecycle of use of the third party in TRI
Vulnerability Management
Work with IT on CVEs, IOC, etc. after doing our initial analysis and looking at logs and traffic. Present a clear plan on how remediation will be executed
Review patching vulnerability management cadence on endpoints and provide risk analysis by threat surface of TRI
Work well with vendors and scope out work and help with remediation and delivery
Good knowledge of OS hardening and how to check for them with new OS releases and security implications
Continuous Monitoring
Run DAST scans using Rapid 7 and monitor TRI’s domain scores in sScorecard regularly and put controls in place to enable TRI’s safety
Review traffic logs and ensure IDS and IPS rules are updated and are collecting logs being aggregated in Graylog
Look for traffic patterns and detect anomalies
Review G-Suite logs and alerts
Review System Eventgraylog logs regularly to understand system patterns based on TRI usage
Work closely with the cloud team to review and recommend AMIs and check the status of guard duty logs, the number of instances, and S3 buckets. How are they configured and what are our risks and provide a plan for remediation.
Run Qualys and Rapid 7 scans regularly and compare against CMDB entries in Service Now
Training & Awareness
Assist the team in driving pen-test engagements and other InfoSec events to increase Cybersecurity awareness
Help and run phishing campaigns, study the results from the campaigns, and identify ways to help educate the company
Assist with putting together and delivering security training for InfoSec tools, processes, etc.
General Duties
Establish a strong partnership with TRI members on security
Be a subject matter expert in one of the many domains and support the team (network, applications, cloud, devices)
Be able to professionally and effectively communicate with TRI leaders, users, and teammates
Design and architect security systems as needed and support and manage them as needed
Track requests and provide assistance with metrics gathering or presentation and make appropriate callouts based on the infosec metrics
Regularly review RBAC’s
Continuously look at the existing device, app, and network controls and identify areas for improvement using CIS controls as a baseline and adapting them for TRI
Encryption fundamentals at application and device-level knowledge are good to have.

Things to Know
G-Suite Administration, Graylog, Palo Alto firewalls, Meraki, Cisco DUO, okta, scorecard, knowbe4, crowdstrike, Qualys, Rapid7, Service Now, Automox, bit locker, proofpoint, ZenGRC/Prevalent/ArcherRSA

Frameworks to know
NIST, CIS, SOC audits, and ISO

Soft skills
Team player, active collaboration, ability to listen and understand the user, customer-first attitude, passion for InfoSec and enjoys being a hands-on technical person, ability to right-size by the environment, enabler Vs. blocker attitude, detail oriented, effective communicator

Preferred Certifications
CISSP, CISA, AWS Security Architect

To apply for this job please visit jobs.lever.co.