About The RoleUber is seeking a Security Engineer II to join our Product Security Team. In this role your principal mission will be to drive security-related engineering engagement and technical remediation across our product lines, supporting our vulnerability management, application security, and cloud security teams to scale security engagement across Engineering. As a ProdSec engineer you will demonstrate your software engineering skills and security expertise to raise the security bar across our infrastructure, mobile services and web apps. This is an outstanding opportunity to work with both senior and new-grad engineers, make a real impact on Uber’s security posture, and continue to up level your own software engineering and security skills. What You'll Do

• Perform security vulnerability validation and revalidation reviews to confirm and assess security implications of reported security findings from our automated vulnerability programs
• Use your software engineering skills to architect, design, and implement (Golang) security tools and services to automate product security processes
• Perform code reviews, security design reviews and other internal consultancy on an as-needed basis
• Provide software security guidance to application and service owners to remediate known security vulnerabilities
• Lead product security efforts during security incident management, and define post-incident product security remediation plans

Basic Qualifications

• Bachelor's in Computer Science, Engineering or a related field.
• 3+ years of relevant security engineering, security assessment experience in a product development role.
• Familiarity with industry-standard threat modeling, risk modeling and vulnerability classification.
• Programming skills in at least one of: Go, Java, Python, JavaScript, etc.
• Experience finding and fixing common infrastructure, application or mobile security vulnerabilities.
• Experience in at least one security domain: application security, mobile security, cloud security, systems security, program analysis, or reverse engineering.

Preferred Qualifications

• Expertise in multiple security domains, security assessment, or bug bounty experience.
• Experience building software applications, systems, or services.
• Experience performing threat modeling, design and code reviews.
• Experience with application security data analysis from DAST, SAST, SCA and vulnerability tooling
• Experience with Cloud security principles in one or more of: AWS, GCP, Azure, or OCI public cloud providers.
• Ability to communicate ideas and proposals concisely to a wide-range of audiences.

About The TeamThe Product Security team is part of the Engineering Security organization at Uber. The team focuses on application security, cloud security, vulnerability management, and penetration testing for all of Uber Engineering. To that end, we design, develop and deploy security automation to detect, track and remediate vulnerabilities in thousands of microservices and within our cloud and on-prem infrastructure. We use research-quality code analysis and industry leading penetration testing techniques to identify vulnerabilities in our product and services proactively. We lead Uber’s security guidance program to drive a shift-left bias for security and champion proactive secure-by-default designs for our next-gen products and services.Uber is proud to be an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know by completing this form.Offices continue to be central to collaboration and Uber’s cultural identity. Unless formally approved to work fully remotely, Uber expects employees to spend at least half of their work time in their assigned office. For certain roles, such as those based at green-light hubs, employees are expected to be in-office for 100% of their time. Please speak with your recruiter to better understand in-office expectations for this role.