Job Description
Overview

Who we are

Collaborative. Respectful. A place to dream and do. These are just a few words that describe what life is like at Toyota. As one of the world’s most admired brands, Toyota is growing and leading the future of mobility through innovative, high-quality solutions designed to enhance lives and delight those we serve. We’re looking for talented team members who want to Dream. Do. Grow. with us.

An important part of the Toyota family is Toyota Financial Services (TFS), the finance and insurance brand for Toyota and Lexus in North America. While TFS is a separate business entity, it is an essential part of this world-changing company, delivering on Toyota's vision to move people beyond what's possible. At TFS, you will help create best-in-class customer experience in an innovative, collaborative environment.

To save time applying, Toyota does not offer sponsorship of job applicants for employment-based visas or any other work authorization for this position currently.

Who We're Looking For

Toyota Financial Services (TFS) Technology team is looking for a highly motivated person to fill the role as a Lead Cyber Security Engineer. Your primary responsibility is to architect, deploy, optimize, and maintain the organization's Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms. Operating under the Information Security mandate, you will lead engineering efforts to ensure comprehensive log ingestion, detection fidelity, platform health, and automation capabilities that empower the Security Operations Center (SOC) and broader cyber defense teams.

We're looking for someone who thrives in a high-growth environment and brings deep technical expertise alongside strong engineering discipline, enabling you to build scalable, resilient security infrastructure that strengthens Toyota's detection and response posture.
What You'll Be Doing

SIEM Engineering & Platform Health: Lead the design, configuration, and ongoing maintenance of complex SIEM environments, including onboarding and managing diverse data sources, ensuring proper log parsing, normalization, and enrichment. Proactively monitor platform health, troubleshoot ingestion failures, and optimize storage and performance to maintain operational excellence.

SOAR Development & Automation: Design, build, and maintain SOAR playbooks and automated workflows that streamline alert triage, enrichment, and response actions. Continuously identify opportunities to reduce manual effort and accelerate mean time to detect (MTTD) and mean time to respond (MTTR) through intelligent automation.

Agent Deployment & Endpoint Telemetry: Lead the deployment, configuration, and lifecycle management of security agents across on-prem, cloud, and hybrid endpoint environments. Ensure consistent agent coverage, policy enforcement, and telemetry collection to maximize detection visibility across the enterprise.

Detection Engineering & Data Source Management: Develop and tune detection rules, correlation logic, and alerting thresholds within the SIEM to improve signal-to-noise ratio and detection accuracy. Partner with threat intelligence and SOC teams to translate emerging threats into actionable detection content. Manage the full lifecycle of data source integrations, including scoping, onboarding, validation, and ongoing health monitoring.

Scripting & Automation Development: Leverage scripting languages such as Python and PowerShell to build custom tooling, automate repetitive engineering tasks, develop API integrations, and enhance platform capabilities beyond out-of-the-box functionality.

Process Development & Standardization: Assist in the development and maintenance of standard operating procedures (SOPs), engineering runbooks, and documentation that streamline data source onboarding, platform maintenance, and incident support workflows.
Continuously refine processes to improve efficiency and consistency.

What You Bring

5+ years of experience in cyber security engineering, with hands-on expertise in SIEM administration and engineering, SOAR platform development, log management, data source onboarding, and security agent deployment and lifecycle management.

Subject matter expertise in one or more SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel, Chronicle, Elastic, Palo Alto XSIAM/XSOAR, Phantom, Swimlane, etc.).

Strong understanding of log source types, parsing methodologies, data normalizatio