Security Engineer, Lead

Lead Cyber Security Engineer

Collaborative. Respectful. A place to dream and do. These are just a few words that describe what life is like at Toyota. As one of the world's most admired brands, Toyota is growing and leading the future of mobility through innovative, high-quality solutions designed to enhance lives and delight those we serve. We're looking for talented team members who want to Dream. Do. Grow. with us.

An important part of the Toyota family is Toyota Financial Services (TFS), the finance and insurance brand for Toyota and Lexus in North America. While TFS is a separate business entity, it is an essential part of this world-changing company- delivering on Toyota's vision to move people beyond what's possible. At TFS, you will help create best-in-class customer experience in an innovative, collaborative environment.

To save time applying, Toyota does not offer sponsorship of job applicants for employment-based visas or any other work authorization for this position currently.

Who We're Looking For

Toyota Financial Services (TFS) Technology team is looking for a highly motivated person to fill the role as a Lead Cyber Security Engineer.

Your primary responsibility is to architect, deploy, optimize, and maintain the organization's Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms. Operating under the Information Security mandate, you will lead engineering efforts to ensure comprehensive log ingestion, detection fidelity, platform health, and automation capabilities that empower the Security Operations Center (SOC) and broader cyber defense teams.

We're looking for someone who thrives in a high-growth environment and brings deep technical expertise alongside strong engineering discipline, enabling you to build scalable, resilient security infrastructure that strengthens Toyota's detection and response posture.

What You'll Be Doing

• SIEM Engineering & Platform Health:

Lead the design, configuration, and ongoing maintenance of complex SIEM environments, including onboarding and managing diverse data sources, ensuring proper log parsing, normalization, and enrichment. Proactively monitor platform health, troubleshoot ingestion failures, and optimize storage and performance to maintain operational excellence.

• SOAR Development & Automation:

Design, build, and maintain SOAR playbooks and automated workflows that streamline alert triage, enrichment, and response actions. Continuously identify opportunities to reduce manual effort and accelerate mean time to detect (MTTD) and mean time to respond (MTTR) through intelligent automation.

• Agent Deployment & Endpoint Telemetry:

Lead the deployment, configuration, and lifecycle management of security agents across on-prem, cloud, and hybrid endpoint environments. Ensure consistent agent coverage, policy enforcement, and telemetry collection to maximize detection visibility across the enterprise.

• Detection Engineering & Data Source Management:

Develop and tune detection rules, correlation logic, and alerting thresholds within the SIEM to improve signal-to-noise ratio and detection accuracy. Partner with threat intelligence and SOC teams to translate emerging threats into actionable detection content. Manage the full lifecycle of data source integrations, including scoping, onboarding, validation, and ongoing health monitoring.

• Scripting & Automation Development:

Leverage scripting languages such as Python and PowerShell to build custom tooling, automate repetitive engineering tasks, develop API integrations, and enhance platform capabilities beyond out-of-the-box functionality.

• Process Development & Standardization:

Assist in the development and maintenance of standard operating procedures (SOPs), engineering runbooks, and documentation that streamline data source onboarding, platform maintenance, and incident support workflows. Continuously refine processes to improve efficiency and consistency.

Lead Cyber Security Engineer

To save time applying, Toyota does not offer sponsorship of job applicants for employment-based visas or any other work authorization for this position currently.

What You Bring

• 5+ years of experience in cyber security engineering, with hands-on expertise in SIEM administration and engineering, SOAR platform development, log management, data source onboarding, and security agent deployment and lifecycle management.

• Subject matter expertise in one or more SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Chronicle, Elastic, Palo Alto XSIAM/XSOAR, Phantom, Swimlane, etc.)

• Strong understanding of log source types, parsing methodologies, data normalization techniques, and common log formats (e.g., Syslog, CEF, JSON, XML, Windows Event Logs).

• Proficiency in scripting languages, particularly Python and PowerShell, with demonstrated ability to build automation, custom integrations, and engineering tooling.

• Excellent communication skills with the ability to collaborate with and influence stakeholders at all levels, including SOC analysts, infrastructure teams, and leadership.

Added Bonus If You Have

• A bachelor's degree in a relevant field (e.g., Cybersecurity, Computer Science, Engineering, Information Technology) or equivalent work experience.

• Experience in a regulated industry (e.g., finance, healthcare, government).

• Proficiency in additional query and scripting languages (e.g., CQL, SQL, KQL, SPL, EQL, Yara, Bash).

• Experience with security agent platforms such as CrowdStrike Falcon, or Halcyon.

• Proficiency in AWS and Azure cloud environments, with a strong understanding of cloud-native logging, data flows, and access management.

• Experience building and maintaining API-based integrations between security tools and platforms.

• Familiarity with CI/CD pipelines and infrastructure-as-code practices applied to security tooling.

• AWS: AWS Certified Security – Specialty, AWS Certified Solutions Architect – Associate/Professional, AWS Certified SysOps Administrator – Associate

• Azure: Microsoft Certified: Security Operations Analyst Associate (SC-200), Microsoft Certified: Azure Security Engineer Associate (AZ-500), Microsoft Certified: Azure Administrator Associate (AZ-104)

• Cribl: Cribl Certified Observability Engineer (CCOE), Cribl Certified Admin

• CrowdStrike: CrowdStrike Certified Falcon Administrator (CCFA), CrowdStrike Certified Falcon Responder (CCFR), CrowdStrike Certified Falcon Hunter (CCFH)

What We'll Bring

During your interview process, our team can fill you in on all the details of our industry-leading benefits and career development opportunities. A few highlights include:

• A work environment built on teamwork, flexibility, and respect.

• Professional growth and development programs to help advance your career, including tuition reimbursement.

• Team Member Vehicle Purchase Discount.

• Toyota Team Member Lease Vehicle Program (if applicable).

• Comprehensive health care and wellness plans for your entire family.

• Toyota 401(k) Savings Plan with a company match, plus an annual retirement contribution from Toyota regardless of your own contributions.

• Paid holidays and paid time off.

• Referral services for prenatal services, adoption, childcare, schools, and more.

• Tax advantaged Accounts (Health Savings Account, Health Care FSA, Dependent Care FSA).

• Relocation assistance (if applicable).

Belonging at Toyota

Our success begins and ends with our people. We embrace all perspectives and value unique human experiences. Respect for all is our North Star. Toyota is proud to have 10+ different Business Partnering Groups across 100 different North American chapter locations that support team members' efforts to dream, do and grow without questioning that they belong.

Applicants for our positions are considered without regard to race, ethnicity, national origin, sex, sexual orientation, gender identity or expression, age, disability, religion, military or veteran status, or any other characteristics protected by law.

Have a question, need assistance with your application or do you require any special accommodations? Please send an email to View email address on click.appcast.io.