API Security Engineer
Location: Plano, TX

Excited to grow your career at Toyota?
We value our talented employees, and whenever possible strive to help one of our associates grow professionally before recruiting new talent to our open positions. If you think the open position you see is right for you, we encourage you to apply!
Our people make all the difference in our success.
An important part of the Toyota family is Toyota Financial Services (TFS), the finance and insurance brand for Toyota and Lexus in North America. While TFS is a separate business entity, it is an essential part of this world-changing company – delivering on Toyota’s vision to move people beyond what’s possible. At TFS, you will help create best-in-class customer experiences in an innovative, collaborative environment.
To save time applying, Toyota does not offer sponsorship of job applicants for employment-based visas or any other work authorization for this position at this time.
Toyota Financial Services (TFS) Technology team is looking for a highly motivated person to fill a role as an API Security, Engineer.
We are looking for a knowledgeable and proactive API Security Engineer to join our security team. In this role, you will be responsible for securing APIs across the organization by identifying vulnerabilities, implementing best practices, and collaborating with development teams to ensure secure design and deployment of APIs.
What you’ll be doing 

• Design and implement security controls for APIs across internal and external applications.
• Conduct API security assessments, including penetration testing, fuzzing, and vulnerability scanning.
• Monitor API traffic for anomalies, abuse, and potential threats using API gateways and security tools.
• Collaborate with development and DevOps teams to integrate security into the API lifecycle (design, development, testing, deployment).
• Define and enforce API security standards, including authentication, authorization, rate limiting, and encryption.
• Develop and maintain API security policies and documentation.
• Stay current with emerging API threats, vulnerabilities, and security technologies.
• Assist in incident response and forensic analysis related to API security breaches.
• Evaluate and implement API security tools such as WAFs, API gateways, and runtime protection platforms.

What You Bring 

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
• 3+ years of experience in application or API security.
• Strong understanding of RESTful and GraphQL APIs, OAuth2, JWT, and API authentication mechanisms.
• Experience with API gateways including configuring authentication, authorization, rate limiting, and threat protection policies (e.g., Apigee, AWS API Gateway, Kong, Azure API Management).
• Familiarity with OWASP API Security Top 10 and secure coding practices.
• Hands-on experience with tools like Postman, Burp Suite, OWASP ZAP, or similar.
• Knowledge of common API vulnerabilities such as injection, broken authentication, excessive data exposure, etc.

Added bonus if you have?? 

• Certifications such as:
• GIAC Web Application Penetration Tester (GWAPT)
• Certified API Security Professional (by APIsec University)
• Offensive Security Web Expert (OSWE)
• Experience with DevSecOps and CI/CD pipeline integration.
• Familiarity with cloud-native API security in AWS, Azure, or GCP.
• Familiarity with securing and managing API gateways, including policy enforcement, traffic monitoring, and integration with identity providers.
• Scripting or programming experience (Python, JavaScript, etc.)