The security organization at Uber is dedicated to enabling safe and secure innovation while protecting the communities we serve both online and in the physical world. Our teams are responsible for protecting both people and their data across intersections of the digital and physical world. The primary objective for Uber Engineering Security team is to enable the technical ambitions of the company while maintaining the highest standards of security and privacy for our customers and partners. As cybersecurity threats evolve, so do we. About The RoleUber is seeking a Security Engineer II to join our Product Security Team. In this role your principal mission will be to drive security-related engineering engagement and technical remediation across our product lines, supporting our vulnerability management, application security, and cloud security teams to scale security engagement across Engineering.As a Product Security engineer, show your software engineering skills and security expertise to raise the security bar across our infrastructure, mobile services, and web apps. This is an outstanding opportunity to work with senior and new-grad engineers, impact Uber’s security posture, and continue to up-level your own software engineering and security skills! What You Will Do

• Perform security vulnerability validation and revalidation reviews to confirm and assess security implications of reported security findings from our pen-test, bug bounty, and automated vulnerability programs
• Conduct code reviews, security design reviews, and other internal consultancies on an as-needed basis
• Provide software security mentorship to application and service owners to remediate known security vulnerabilities
• Build remediation roadmaps, burn-down plans, and reporting dashboards to drive overall product security program metrics and security bug resolutions across Uber
• Lead product security efforts during security incident management, and define post-incident product security remediation plans
• Identify tooling and process gaps in our application security, pen-testing, and vulnerability management automation systems

Basic Qualifications

• Bachelors in Computer Science, Engineering, or a related field.
• 2+ years of relevant security engineering, and security assessment experience in a product development role
• Familiarity with industry-standard threat modeling, risk modeling, and vulnerability classification
• Programming skills in at least one of Go, Java, Python, NodeJS, etc.
• Experience finding and fixing common infrastructure, application or mobile security vulnerabilities
• Experience in at least one security domain: application security, mobile security, cloud security, systems security, program analysis, or reverse engineering.

Preferred Qualifications

• Expertise in multiple security domains, prior pen-test, security assessment, or bug bounty experience.
• Experience performing threat modeling, design, and code reviews.
• Experience with application security data analysis from DAST, SAST, SCA, and vulnerability tooling
• Hold a security certification such as Offensive Security Certified Professional (OSCP) or CEH, OSWE, OSCE, GPEN, GMOB, GWAPT, or GXPN
• Experience with Cloud security principles in one or more of AWS, GCP, Azure, or OCI public cloud providers
• Promote ideas and proposals concisely to a wide range of audiences.

We encourage people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. We are looking for individuals that have the curiosity, drive, and collaborative spirit, work with us, and let’s move the world forward, together.Offices continue to be central to teamwork and Uber’s cultural identity. Unless formally approved to work fully remotely, Uber expects employees to spend at least half of their work time in their assigned office. For certain roles, such as those based at green-light hubs, employees are encouraged to be in the office for 100% of their time. Please speak with your recruiter to better understand in-office expectations for this role.Accommodations may be available based on religious and/or medical conditions, or as required by applicable law. To request accommodations, please get in touch with: accommodations@uber.com.Uber is proud to be an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know by completing this form.Offices continue to be central to collaboration and Uber’s cultural identity. Unless formally approved to work fully remotely, Uber expects employees to spend at least half of their work time in their assigned office. For certain roles, such as those based at green-light hubs, employees are expected to be in-office for 100% of their time. Please speak with your recruiter to better understand in-office expectations for this role.