Security Engineer II - Product Security
Posted on Saturday, May 13, 2023
The security organization at Uber is dedicated to enabling safe and secure innovation while protecting the communities we serve both online and in the physical world. Our teams are responsible for protecting both people and their data across intersections of the digital and physical world. The primary objective for Uber Engineering Security team is to enable the technical ambitions of the company while maintaining the highest standards of security and privacy for our customers and partners. As cybersecurity threats evolve, so do we. About The RoleUber is seeking a Security Engineer II to join our Product Security Team. In this role your principal mission will be to drive security-related engineering engagement and technical remediation across our product lines, supporting our vulnerability management, application security, and cloud security teams to scale security engagement across Engineering.As a Product Security engineer, show your software engineering skills and security expertise to raise the security bar across our infrastructure, mobile services, and web apps. This is an outstanding opportunity to work with senior and new-grad engineers, impact Uber’s security posture, and continue to up-level your own software engineering and security skills! What You Will Do
- Perform security vulnerability validation and revalidation reviews to confirm and assess security implications of reported security findings from our pen-test, bug bounty, and automated vulnerability programs
- Conduct code reviews, security design reviews, and other internal consultancies on an as-needed basis
- Provide software security mentorship to application and service owners to remediate known security vulnerabilities
- Build remediation roadmaps, burn-down plans, and reporting dashboards to drive overall product security program metrics and security bug resolutions across Uber
- Lead product security efforts during security incident management, and define post-incident product security remediation plans
- Identify tooling and process gaps in our application security, pen-testing, and vulnerability management automation systems
- Bachelors in Computer Science, Engineering, or a related field.
- 2+ years of relevant security engineering, and security assessment experience in a product development role
- Familiarity with industry-standard threat modeling, risk modeling, and vulnerability classification
- Programming skills in at least one of Go, Java, Python, NodeJS, etc.
- Experience finding and fixing common infrastructure, application or mobile security vulnerabilities
- Experience in at least one security domain: application security, mobile security, cloud security, systems security, program analysis, or reverse engineering.
- Expertise in multiple security domains, prior pen-test, security assessment, or bug bounty experience.
- Experience performing threat modeling, design, and code reviews.
- Experience with application security data analysis from DAST, SAST, SCA, and vulnerability tooling
- Hold a security certification such as Offensive Security Certified Professional (OSCP) or CEH, OSWE, OSCE, GPEN, GMOB, GWAPT, or GXPN
- Experience with Cloud security principles in one or more of AWS, GCP, Azure, or OCI public cloud providers
- Promote ideas and proposals concisely to a wide range of audiences.
See more open positions at Uber
Something looks off?