Security Software Engineer II - Product Security
Software Engineering, Product
Posted on Wednesday, August 2, 2023
About The RoleUber is seeking a Security Engineer II to join our Product Security Team. In this role your principal mission will be to drive security-related engineering engagement and technical remediation across our product lines, supporting our vulnerability management, application security, and cloud security teams to scale security engagement across Engineering. As a ProdSec engineer you will leverage your software engineering skills and security expertise to raise the security bar across our infrastructure, mobile services and web apps. This is a unique opportunity to work with both senior and new-grad engineers, make a real impact on Uber’s security posture, and continue to up level your own software engineering and security skills. What The Candidate Will Need / Bonus Points
- Use your software engineering skills to architect, design, and implement (golang) security tools and services to automate product security processes
- Perform security vulnerability validation and revalidation reviews to confirm and assess security implications of reported security findings from our automated vulnerability programs
- Perform code reviews, security design reviews and other internal consultancy on an as-needed basis
- Provide software security guidance to application and service owners to remediate known security vulnerabilities
- Lead product security efforts during security incident management, and define post-incident product security remediation plans
- Expertise in multiple security domains, security assessment, or bug bounty experience.
- Experience building software applications, systems, or services.
- Experience performing threat modeling, design and code reviews.
- Experience with application security data analysis from DAST, SAST, SCA and vulnerability tooling
- Experience with Cloud security principles in one or more of: AWS, GCP, Azure, or OCI public cloud providers.
- Ability to communicate ideas and proposals concisely to a wide-range of audiences.
- Bachelor's in Computer Science, Engineering or a related field.
- 3+ years of relevant security engineering, security assessment experience in a product development role.
- Familiarity with industry-standard threat modeling, risk modeling and vulnerability classification.
- Experience finding and fixing common infrastructure, application or mobile security vulnerabilities.
- Experience in at least one security domain: application security, mobile security, cloud security, systems security, program analysis, or reverse engineering.