We launched our Security team in Amsterdam in late 2022. Now, nearly 20 engineers at our EMEA HQ are driving diverse security initiatives, including defense platforms, platform security engineering, enterprise security, cyber defense, and application/product security. Below, we chatted with three of them about the work they’re doing.
Meet the team
 |  |  |
| Roman Klyuev Network Security | Lin Wei Mobile Security | Giovanni Schiavon Production Security |
Why did you join the Security team at Uber? What surprised you?
 | Security is always on the forefront. | ||
 | I was reading the LinkedIn page of my hiring manager and could clearly see his passion for programming. I was sure I would be working with knowledgeable engineers and find intellectual excitement in it. | ||
 | I was looking for security opportunities in the Netherlands, and coincidently I was approached by Uber’s sourcing team and the interview process went incredibly fast and was well organised. What really surprised me when I joined was the small amount of red tape and the speed of the engineering execution. |
What aspects of Uber’s business are you working on that are industry-leading?
| We need to know Cloud, Kubernetes, automation and AI in depth, and then some. | ||
| We take multiple approaches to enforce integrity of devices accessing Uber’s services. Bad actors using compromised clients (devices and apps) can modify their software and lock out good users. These include fraud, airport gaming, cherry-picking long trips, etc. We build technologies to detect inauthentic clients and ensure marketplace equity. | ||
| We use a mix of commercial solutions and custom-developed software to manage the lifecycle of both assets and vulnerabilities, and to orchestrate vulnerability scanners. |
How are you using tech differently than other companies?
| We do not have much split between development and operations. The same teams that develop software products also maintain and support them. This creates unique challenges in how we balance availability and innovation. | ||
| Other companies use AppAttest and Android key attestation for device and app integrity and anti-tampering. But at Uber we build on these technologies and design our own flow of attestation, which integrate closely with our infrastructure like our observability platform and risk system. This helps improve robustness and reduce latency. | ||
| The scale of Uber. The whole infrastructure we created needs to be able to handle every production server, cloud asset, every software running on them, every employee laptop, and all the many pieces of hardware and software that Uber uses that don’t fall in those categories. |
What is the best part of your job?
| Our team is still newer, so we have more freedom than similar teams in older companies. At the same time, our scale presents unique challenges if you’re interested in complex projects. Currently we’re rethinking many aspects of our architecture and (re-)building products from scratch. | ||
| We have a truly global technological impact beyond Uber. And we aren’t only protecting clients of Uber from being hacked, but helping other companies as well. | ||
| I work with the greater Enterprise Security team from Uber. Communication channels are very dynamic and things happen fast. This team also manages vulnerabilities for all the teams at Uber and it’s quite exciting. |
What complex challenges is the team solving?
| How we interact with other teams. Great minds don’t think alike, and we constantly need to balance different ideas. Also, our cultural value One Uber encourages us to focus on something bigger than any single team. Balancing between the two is our daily challenge, which is also very interesting to do! | ||
| This is a cat-and-mouse game. New phone models and operating systems are being developed everyday. New exploits, root, and jailbroken techniques will always emerge. We have to stay up-to-date with the latest technologies. | ||
| Working with different interfaces and teams and understanding all of these complex systems. They literally touch all platforms within Uber and one of the most challenging pieces is to understand the best way to secure those things. |
Posted by Uber
Category:
Come reimagine with us
Related articles
Most popular
Engineering, Backend, Uber AI23 June / Global
Slashing CI Costs at Uber
Engineering, Data / ML, Uber AI2 July / Global
Reinforcement Learning for Modeling Marketplace Balance
Engineering, Backend15 July / Global
How Uber Processes Early Chargeback Signals
Higher Education16 July / Global