Passer au contenu principal

Dites-nous où vous êtes

Veuillez saisir le nom de la ville la plus proche pour que nous puissions afficher les informations correspondant à votre zone

Sélectionnez votre langue

Security Engineer - Application Security (Bug Bounty)

Engineering Security, Safety, Security & Insurance à Seattle, WA

At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 600 cities around the world.


We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let’s move the world forward, together.

About the Role


We are seeking a talented Security Engineer to join our Vulnerability Discovery team in Seattle, WA. The new member of our team will focus on creating one-click POCs for known vulnerabilities, provide root-cause analysis for triaged vulns, and work with engineers throughout Uber to remediate vulns across all product verticals, apps, services and environments.

What You’ll Do

  • Work with our bug bounty triagers to validate incoming reports
  • Provide high-quality root cause analysis of triaged vulnerabilities
  • Provide actionable advice and security guidance to engineers to remediate vulns within SLA
  • Create one-click POCs to facilitate vuln fix verification and enable regression testing of known vulns
  • Help drive quality engagement on Uber’s public bug bounty program
  • Help define targets and organize live hacking events a few times a year

What You’ll Need

  • Hands-on experience discovering, validating and fixing common web vulnerabilities (e.g., IDOR, XSS, SSRF, CSRF, RCE, etc.)
  • Programming skills in at least one of: Go, Java, Python, NodeJS, etc.
  • Ability to communicate ideas and proposals concisely
  • Ability to distill complex security problems and drive towards creative solutions

Bonus Points If

  • Prior bug hunting and/or bug triage experience
  • Experience performing threat modeling, design and code reviews to assess security implications and requirements for the introduction of new systems and technologies
  • Experience building out integrations with open source scanners and/or vendor products

About the Team


We are a team of 10X engineers who lead the principled vulnerability discovery initiative at Uber. We ensure that code built and/or deployed at Uber adheres to company-wide security standards and is devoid of known security vulnerabilities. 


To that end, we build and deploy top-notch taint tracking systems leveraging control-flow and data-flow analysis techniques to scan and report new security findings in over 5,000 services. 


In addition, we crowdsource security intelligence via our best in class Bug Bounty program, red team exercises, as well as manual and automated security audits. 


We codify the latest security breakthroughs into custom queries, which we then deploy across our fleet of advanced security scanners. Our constantly increasing corpus of security queries enables us to perform automated, systematic and comprehensive security analysis across all of Uber’s applications and services.


Finally, we evaluate and deploy 3rd party security scanners to scan our internal and external perimeter for known CVEs and CWEs. We then leverage automation to apply patches consistently throughout our fleet of mobile devices, network devices, laptops, servers, containers, etc.

Déclaration de confidentialité pour les postulants

Chez Uber, nous ne faisons pas qu'accepter la différence : nous la célébrons, nous la soutenons et nous l'encourageons pour nos collaborateurs, nos produits et notre communauté. Uber est fier d'offrir les mêmes opportunités à chacun. Nous nous engageons à offrir à tous les mêmes opportunités, quels que soient, par exemple, l'origine, la religion, l'identité et orientation sexuelle, l'âge, la nationalité, le statut marital ou le handicap.