The security organization at Uber is dedicated to enabling safe and secure innovation while protecting the communities we serve both online and in the physical world. We are responsible for protecting both people and their data across intersections of the digital and physical world. The primary objective for Uber Engineering Security team is to enable the technical ambitions of the company while maintaining the highest standards of security and privacy for our customers and partners. As cybersecurity threats evolve, we do too. About The RoleUber’s Product Security organization is looking for a Security Engineer II to join our Security Guidance (SG) team. We provide contextual, on-demand security guidance to product teams at Uber, whenever new products or product features are being conceived.As a member of the SG team, your principal mission will be to coordinate and conduct pre-release technical security system design reviews for Uber’s product suite and platform, in accordance with our secure software development lifecycle (SDL/SDLC). You will work closely with engineering teams throughout the company to analyze their engineering design documents, identify potential security design flaws in the areas of cloud security, infrastructure security, data security, and applications security. As a SG engineer, you will provide security-specific corrective direction to engineers, author security-related feature requests against products, gather critical technical design information required for security assessments, and own technical interfacing for related remediation efforts.This is an outstanding opportunity for an expert security engineer who is knowledgeable in multiple security domains to play a central role in shifting security left, and make cross-cutting strategic impacts to the security of our next-gen systems and services. What You Will Do

• Perform multi-disciplinary security design reviews of engineering design proposals. Consider aspects of application, cloud, infrastructure, and data-layer security.
• Draw design inferences on our product designs, taking into consideration trade-off decisions to vector improvements in overall security posture of our products and services.
• Build quality written work products for both technical engineering and non-technical consumers.
• Be a domain expert and ambassador to core Uber Engineering for secure application and systems design areas.
• Conduct full security assessments of products that may include architectural review, threat modeling web and mobile apps assessments.
• Provide technical mentorship for remediation efforts, coordinating with our Application Security and assessment teams.
• Perform any other security guidance or product security related activities or tasks as needed or advised.

Basic Qualifications

• Bachelor's in Computer Science, Engineering or a related field or equivalent work experience as a software engineering or security practitioner.
• 3+ years overall of relevant security engineering or architecture experience.
• A security-related or architect-related certification such as CISSP, OSCP, CEH, GCP/AWS/Azure/OCI Cloud Security or Architect Certifications, and/or willing to work towards ultimately obtaining one as part of your career path.
• Possess a broad knowledge of threat modeling and the associated design patterns to correct and/or mitigate security attacks and threats.
• Experience with security designs related to Cloud-native services, service and microservices meshes.
• Familiarity with industry-standard risk modeling and vulnerability classification.
• Ability to build written-work products and detailed technical documents.
• Be able to apply creative thinking and problem solving on the boundary of your knowledge base, learning new technologies or languages as needed to solve sophisticated technical controls problems in our product suite.

Preferred Qualifications

• Collaboration skills, deep technical ability, and a history of successful execution working with a broad suite of infrastructure to applications layer technologies.
• Experience with one of: Go, Java, Python, NodeJS, etc.
• Experience with RDBMS and non-RDBMS (noSQL) data store technologies such as PostGRESQL, MySQL, Hadoop, GCP BigQuery, AWS RDS & DynamoDB, GraphQL and more.
• Experience with Identity-aware proxy and HTTP routing technologies.
• Familiarity with privacy, healthcare and payments processing regulatory frameworks and how they guide or affect secure systems design.
• Experience working with in-house engineering organizations, S-SDLC/CICD software lifecycle.
• Familiarity with one or more of AWS, Azure, GCP, OCI public cloud providers, plus private cloud equivalent service layers.

Uber is proud to be an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know by completing this form.Offices continue to be central to collaboration and Uber’s cultural identity. Unless formally approved to work fully remotely, Uber expects employees to spend at least half of their work time in their assigned office. For certain roles, such as those based at green-light hubs, employees are expected to be in-office for 100% of their time. Please speak with your recruiter to better understand in-office expectations for this role.