Senior Incident Response Engineer

Updated on 11/6/2023

1,001-5,000 employees

Developing next-generation vehicles for universal mobility society

Company Overview

Woven by Toyota, based in Chuo-ku Tokyo, is a forward-thinking company dedicated to the development of next-generation cars and the realization of a mobility society, focusing on safety, freedom, and happiness for all. They utilize advanced tools and technologies such as their vehicle software OS and platform, Arene, and Automated Driving/Advanced Driver Assistance Systems to ensure efficient development and deployment of high-quality vehicle software. The company's commitment to safety and improvement is evident in their construction of Woven City, a test course for mobility that encourages collaboration and invention, and their ongoing efforts to integrate mobility with social systems.

Automotive & Transportation

Company Stage

Seed

Total Funding

$35.6M

Founded

2020

Headquarters

Chuo City, Japan

Growth & Insights

Headcount

6 month growth

↑ 11%

1 year growth

↑ 11%

2 year growth

↑ 11%

Locations

London, UK

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

AWS

Bash

Google Cloud Platform

PowerShell

Microsoft Azure

Operating Systems

Splunk

Terraform

Python

Communications

CategoriesNew

IT & Security

Software Engineering

Requirements

5+ years or more of demonstrated experience in security operations and incident response
Practical experience in network- and host-based digital forensics across multiple operating systems
In-depth experience working with a variety of monitoring tools, including SIEM, endpoint security, intrusion detection/prevention, packet analysis, CASB, and SOAR
Knowledge of open security testing standards and projects, including OWASP and the MITRE ATT&CK Matrix
Excellent written communication skills, with a focus on translating technically complex issues into simple, easy-to-understand concepts in English

Responsibilities

Respond to alerts and handle digital forensics
Continuously improve our monitoring systems' detection and response capabilities as well as processes, procedures, and playbooks
Plan and execute monitoring system architectural changes
Lead Incident Response efforts when dealing with confirmed security incidents
Automate analysis and response steps to reduce manual toil
Help prioritize the creation of new SOC use cases to ensure optimum ROI for engineering effort
Communicate effectively at multiple levels of sensitivity, and multiple audiences
Recognize, adopt and instill the best practices in security engineering fields throughout the organization: development, cryptography, network security, security operations, incident response, security intelligence
3 days per week in-office
Rotating primary on-call coverage during local business hours
Rotating weekend on-call coverage (once a quarter)

Desired Qualifications

Experience leading the deployment of a major SIEM platform (Splunk, QRadar, Sentinel, ArcSight, etc) and/or EDR platform (Crowdstrike, Defender for Endpoint, Cylance, etc)
Experience with malware analysis and reverse engineering
7+ years of experience in cyber security and adjacent fields such as systems engineering, network management, cloud security, and/or application security
2+ years in a security engineering leadership position
2+ years of scripting/coding experience with one or more languages
Relevant industry certifications, a degree in cyber security or adjacent fields, or cyber security boot camps
Experience in python, powershell, bash
Experience with an Infrastructure as Code tool like terraform
Familiarity with cloud platforms like AWS, Azure or GCP

Woven by Toyota is the mobility technology subsidiary of Toyota Motor Corporation. Our mission is to deliver safe, intelligent, human-centered mobility for all. Through our Arene mobility software platform, safety-first automated driving technology and Toyota Woven City — our test course for advanced mobility — we’re bringing greater freedom, safety and happiness to people and society.

Our unique global culture weaves modern Silicon Valley innovation and time-tested Japanese quality craftsmanship. We leverage these complementary strengths to amplify the capabilities of drivers, foster happiness, and elevate well-being.

WHO ARE WE LOOKING FOR:

We are seeking an experienced Incident Response engineer to support our Security Incident Response Team. The right candidate will have an in-depth understanding of the overall security landscape, be experienced in tuning detection systems to spot attacker Tactics, Techniques, and Procedures (TTPs), and have a proven background in designing and deploying Security Information Event Management (SIEM) systems. They will work with the analysis team to continuously improve our detection systems’ visibility by integrating new log sources, building out new use cases based on intel generated by our intelligence team, analysis of recovered malware samples, and following common frameworks like MITRE ATT&CK.

They will lead responses to active incidents, collaborating with IT, security, and business stakeholders to kick attackers out of our systems as quickly as possible. They will provide technical mentorship to junior members of the team, and act as an escalation tier for complex analysis. We are looking for an individual who can balance technical risks against business risks and consistently drive for the right results. They must have the passion for engineering solutions to complex security challenges, and recognize and fill gaps in capabilities. The ability to quickly design and build internal-facing tools that enable scaled programmatic automation is core to our organization.

The successful candidate will have a good mix of deep technical knowledge, a demonstrated background in information security, and an analytical mindset that is driven by curiosity. We value broad and deep technical knowledge, specifically in the fields of operating system security, network security, software security, malware analysis, forensics, security operations, incident response, and emergent security intelligence. The role is Hybrid and located in London, UK.

RESPONSIBILITIES:

Respond to alerts and handle digital forensics
Continuously improve our monitoring systems’ detection and response capabilities as well as processes, procedures, and playbooks
Plan and execute monitoring system architectural changes
Lead Incident Response efforts when dealing with confirmed security incidents
Automate analysis and response steps to reduce manual toil
Help prioritize the creation of new SOC use cases to ensure optimum ROI for engineering effort
Communicate effectively at multiple levels of sensitivity, and multiple audiences
Recognize, adopt and instill the best practices in security engineering fields throughout the organization: development, cryptography, network security, security operations, incident response, security intelligence.
3 days per week in-office
Rotating primary on-call coverage during local business hours
Rotating weekend on-call coverage (once a quarter)

MINIMUM QUALIFICATIONS:

5+ years or more of demonstrated experience in security operations and incident response
Practical experience in network- and host-based digital forensics across multiple operating systems
In-depth experience working with a variety of monitoring tools, including SIEM, endpoint security, intrusion detection/prevention, packet analysis, CASB, and SOAR
Knowledge of open security testing standards and projects, including OWASP and the MITRE ATT&CK Matrix
Excellent written communication skills, with a focus on translating technically complex issues into simple, easy-to-understand concepts in English.

PREFERRED QUALIFICATIONS:

Experience leading the deployment of a major SIEM platform (Splunk, QRadar, Sentinel, ArcSight, etc) and/or EDR platform (Crowdstrike, Defender for Endpoint, Cylance, etc)
Experience with malware analysis and reverse engineering
7+ years of experience in cyber security and adjacent fields such as systems engineering, network management, cloud security, and/or application security
2+ years in a security engineering leadership position
2+ years of scripting/coding experience with one or more languages
Relevant industry certifications, a degree in cyber security or adjacent fields, or cyber security boot camps
Experience in python, powershell, bash
Experience with an Infrastructure as Code tool like terraform
Familiarity with cloud platforms like AWS, Azure or GCP

WHAT WE OFFER

We are committed to creating a modern work environment that supports our employees and their loved ones. We offer many options of the best programs to allow you to do your most meaningful work and to help you shape the future of mobility.

・Excellent health, wellness, dental and vision coverage

・A rewarding pension

・Flexible vacation policy

・Family planning and care benefits

By submitting your application you agree to the following terms: https://woven.toyota/en/applicant-privacy-notice

Our Commitment

・We are an equal opportunity employer and value diversity.

・We pledge that any information we receive from you will be used ONLY for the purpose of hiring assessment.