Red Team/Purple Team Cybersecurity Lead

Excited to grow your career at Toyota?

We value our talented employees, and whenever possible strive to help one of our associates grow professionally before recruiting new talent to our open positions. If you think the open position you see is right for you, we encourage you to apply!

Our people make all the difference in our success.

This position is based in Plano, TX, with a hybrid mix of some in-office time and some remote work.

To save time applying, Toyota does not offer sponsorship of job applicants for employment-based visas or any other work authorization for this position currently.

Who we're looking for

Toyota's Cybersecurity & Risk Management (CSRM) group objective is to become a global cybersecurity leader in the mobility space - with the talent, scale, and services to enable our mission of securely bringing mobility for all.

• Plan, coordinate, and execute red team exercises to identify vulnerabilities, control gaps, and potential attack vectors in Toyota's information systems.
• Collaborate with external red team partners to ensure effective and comprehensive engagements.
• Work closely with the blue team to conduct ongoing purple team exercises, sharing insights and knowledge to improve overall security posture.
• Analyze and prioritize findings from red and purple team exercises, making data-driven recommendations to enhance the security of Toyota's systems.
• Produce high-quality reports detailing the results of exercises, including vulnerabilities, risks, and proposed mitigations, and highlighting larger thematic improvement opportunities.
• Provide guidance and support for the implementation of recommended security controls and improvements.
• Stay current with emerging threats, trends, and best practices in the cybersecurity landscape to ensure that Toyota's defenses remain effective and up to date.
• Foster a culture of continuous learning and improvement within the cybersecurity team.

• 5+ years of experience in cybersecurity, with a focus on red team, purple team, or penetration testing activities.
• Strong understanding of security principles, attack methodologies, and vulnerability assessment techniques.
• Experience with common red team tooling platforms, such as Cobalt Strike, Sliver, etc.
• Deep knowledge of common network protocols, operating systems, and security tools, and how to exploit/circumvent them.
• Excellent analytical, problem-solving, and decision-making skills.
• Strong written and verbal communication skills, with the ability to effectively convey technical information to both technical and non-technical stakeholders.
• Bachelor's degree in computer science or related discipline, or equivalent work experience.

• Experience with threat detection, incident response, and implementing or developing mitigating controls in a large environment.
• Familiarity with attacker evasion techniques.
• Exploitation experience with Active Directory / Azure Active Directory, containerization platforms (Docker, Kubernetes, etc.), and major cloud environments (AWS, Azure, GCP, etc.)
• Knowledge of industry-standard frameworks and best practices (e.g., NIST, ISO, OWASP).
• Master's degree in computer science or related discipline.
• Relevant certifications (e.g., OSCP, OSCE, CISSP) are highly desirable.

• A work environment built on teamwork, flexibility, and respect.
• Professional growth and development programs to help advance your career, as well as tuition reimbursement.
• Vehicle purchase & lease programs.
• Comprehensive health care and wellness plans for your entire family.
• Flexible work options based on business needs.
• Toyota 401(k) Savings Plan featuring a company match, as well as an annual retirement contribution from Toyota regardless of whether you contribute.
• Paid holidays and paid time off.
• Referral services related to prenatal services, adoption, childcare, schools and more.
• Tax Advantaged Accounts (Health Savings Account, Health Care FSA, Dependent Care FSA).