Threat Research & Analysis Center (TRAC) Analyst

Toyota’s Threat Research & Analysis Center (TRAC) is responsible for the collection and dissemination of cybersecurity threat intelligence for all Toyota affiliates, supporting a threat informed defense strategy. TRAC Researchers are responsible for tracking threats internally and externally, supporting Incident Response and Incident Detection, conducting threat hunts, building tools and processes for automating workflows, and tracking threat actor infrastructure and payloads.

Essential Functions:

• Research threat actors, campaigns, trends, attack vectors and TTPs internally and externally to develop threat informed defenses.

• Track infrastructure and payloads associated with priority threats.

• Actively hunt for cybercrime and APT Tactics, Techniques and Procedures (TTPs).

• Work with the threat detection engineering team to translate high-fidelity, repeatable hunts into 24/7 monitoring alerts.

• Work with Incident Detection, Incident Response, and other teams to coordinate research topics, answer RFIs, and inform the global Toyota ecosystem of new and emerging or impending cyber threats.

• Participate in threat briefings and report creation.

• Document and update processes and procedures.

• Participate in an on-call rotation for Incident Response support.

• Other tasks and responsibilities as assigned by leadership.

• Be able to demonstrate an understanding of and ability to translate technical aspects such as digital forensics, malware analysis, APTs, and TTPs, to support the effective management of TRAC team operations

• Coordinate priorities amongst TRAC team members, documenting and communicating to all stakeholders as required.

• Develop robust reporting to reflect TRAC team activities, challenges and key updates for team members, management and other stakeholders.

Minimum Qualifications:

• 3+ years of experience in Security Operations, Incident Response, or Security Engineering.

• Malware analysis, reverse engineering, or digital forensics experience is a plus.

• Python development and experience building automation is a plus.

• Knowledge of cyber threat actors, groups, and the TTPs they operate with.

• Knowledge of operating system internals and attack techniques.

• Experience with offensive and defensive security tools and OSINT collection.

• Advanced knowledge of network monitoring and network exploitation techniques.

• Experience with common attack vectors, including advanced adversaries (nation state/financial motivation).

• Knowledge of how network protocols and applications work at the network level.

• Experience tracking threat actor infrastructure.

Preferred Qualifications:

• Ability to demonstrate analytical expertise, close attention to details, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly.

• Self-motivated with a desire to set goals independently.

• Ability to learn and operate in a dynamic environment.

• Strong verbal and written communication skills.