Cyber Product Security Engineer, Lead

Overview Who we are Collaborative. Respectful. A place to dream and do. These are just a few words that describe what life is like at Toyota. As one of the world’s most admired brands, Toyota is growing and leading the future of mobility through innovative, high-quality solutions designed to enhance lives and delight those we serve. We’re looking for talented team members who want to Dream. Do. Grow. with us. An important part of the Toyota family is Toyota Financial Services (TFS), the finance and insurance brand for Toyota and Lexus in North America. While TFS is a separate business entity, it is an essential part of this world-changing company- delivering on Toyota's vision to move people beyond what's possible. At TFS, you will help create best-in-class customer experience in an innovative, collaborative environment. Toyota does not offer support or sponsorship of job applicants for employment-based visas or any other work authorization for this role now or in the future. You must have the right to work in the United States and not require Toyota support or sponsorship for immigration-related employment (e.g., H-1B, O-1, E-3, H-1B1, TN, F-1 OPT, F-1 STEM OPT, F-1 CPT, TN, (job flexibility benefits) (also known as I-140 or Adjustment of Status portability), etc.) now or in the future. You should not apply for this role if you will require Toyota to assist with immigration support or sponsorship now or in the future. Who We’re Looking For  Toyota Financial Services (TFS) Technology team is looking for a highly motivated person to fill a role as a Cyber Product Security Engineer, Lead.  The primary responsibility of this role is to support security initiatives across the product lifecycle to ensure all products are designed, developed, and maintained with strong security principles. This role partners closely with product management, engineering, and security teams to embed security into product development, mitigate risks, and protect customers and company assets from evolving threats. This role requires deep technical expertise in product security, strong leadership abilities, and the capacity to collaborate effectively with cross-functional teams.  What you’ll be doing  Lead and collaborate with product engineering teams to build securely leveraging threat modeling, secure design reviews, vulnerability assessments, and security testing.  Collaborate with product managers, engineers, and architects to integrate security requirements and controls into the product development lifecycle (PDLC).  Oversee security risk assessments and mitigation plans for new and existing products.  Lead the design and implementation of product security policies, standards, and best practices in alignment with industry standards and regulatory requirements.  Safeguard our organization’s products with a comprehensive understanding of their security posture spanning every stage of the software lifecycle, enabling rapid, resilient delivery of value to customers.  Partner with security architecture, application security, cyber defense, product, IT operations, risk and governance ensuring products are secure.  · Leverage data-driven practices—centered on introducing an Application Security Posture Management (ASPM) platform—to continuously assess, prioritize risk remediation across applications, services, and pipelines.  Monitor and analyze security incidents related to applications, and coordinate incident response and remediation efforts as needed.  Stay current with emerging threats, vulnerabilities, and industry trends in product security.  Develop and maintain documentation related to product security architecture, processes, and procedures.  What You Bring  Bachelor's degree in Computer Science, Information Security, or a related field; advanced degree preferred.  Extensive and progressive experience of 8+ years in application security, with a focus on secure software development practices and techniques.  Strong understanding of web application security vulnerabilities and mitigation strategies, such as OWASP Top 10.  Proficiency in programming languages commonly used in web application development, such as Java, Python, or JavaScript.  Certifications such as CISSP, CSSLP, CEH, or similar are highly desirable.  Excellent analytical and problem-solving skills, with the ability to analyze complex application security issues and recommend effective solutions.  Strong leadership and communication skills, with the ability to collaborate effectively with cross-functional teams and communicate technical concepts to non-technical stakeholders.  Experience with cloud security, containerization, and DevSecOps practices is a plus.  Added bonus if you have    Experience with developing and Implementing Cyber Security Policies.  Risk Management Experience in a regulated environment.   Knowledge of Cyber Security Regulations and Laws.  Cyber Incident Response experience.  What We’ll Bring  During your interview process, our team can fill you in on all the details of our industry-leading benefits and career development opportunities. A few highlights include:  A work environment built on teamwork, flexibility, and respect  Professional growth and development programs to help advance your career, as well as tuition reimbursement  Vehicle purchase & lease programs   Comprehensive health care and wellness plans for your entire family  Toyota 401(k) Savings Plan featuring a company match, as well as an annual retirement contribution from Toyota regardless of whether you contribute  Paid holidays and paid time off  Referral services related to prenatal services, adoption, childcare, schools and more  Relocation assistance (if applicable)  Belonging at Toyota Our success begins and ends with our people. We embrace all perspectives and value unique human experiences. Respect for all is our North Star. Toyota is proud to have 10+ diffe