Security Technologist - Tech Lead (Penetration Testing)

Security Engineer, Engineering
Osasco, Brazil | Mexico City, Mexico | Santiago, Chile

About the Role

Uber’s Product Security organization is looking for a tech lead (TL) to join our security assessments team. As a member of our in-house pen-test team, your principal mission will be to ensure the team’s readiness and preparation to conduct grey-box and white-box offensive pen-testing activities against our microservices, applications, infrastructure and data-layer services. You will work closely with our engineering groups to define pen-test scope, lead assessment engagements, and map assessment findings into engineering plans of action for remediation, ultimately guiding our product security uplift activities. This is a unique opportunity for an offensive pen-tester who is collaborative and has a healthy sense of curiosity to join Uber Engineering Security, make a real positive impact on our security posture, and help us improve the security designs of our next generation of systems and services.

What You Will Do

  • Develop and ensure the assessment team’s capability to conduct white-box and grey-box offensive penetration testing against Uber’s mobile applications, front-end & back-end micro-services and web services
  • Develop and ensure the assessment team’s capability to conduct network infrastructure, Public Cloud (AWS and GCP), and data-layer offensive pen-testing
  • Develop and detail the sources and methods required for the assessment team to perform mobile reverse engineering and/or mobile instrumentation of mobile application products for assessments.
  • Assist the assessment team during the active engagements acting as a force-multiplier
  • Teach and mentor junior team members on Techniques, Tactics and Procedures (TTPs) for pen-testing
  • Perform manual source code reviews and audits (manual and SCA/SAST code audits) and/or any needed security research on the product suites undergoing assessment
  • Compile any needed architectural documentation or recovery for grey-box or white-box assessment activities
  • Assist in scheduling and coordinating both internal and external assessments activities
  • Be a subject matter expert and ambassador to Uber Engineering for secure coding practices, penetration testing, mobile platform security and all aspects of application and product security
  • Perform any other application security or product security related activities or tasks as needed or directed
  • Validate 3rd party external pen-test and crowd-sourced application security findings and work with our appsec team to triage those across to our engineering teams.

Basic Qualifications

  • Hold a pen-test certification such as Offensive Security Certified Professional (OSCP), CEH, OSWE, OSCE, GPEN, GMOB, GWAPT or GXPN, and/or be willing to work towards ultimately obtaining one as part of your career path
  • 3-5 years of relevant engineering or security assessment experience
  • Possess a broad knowledge of attack vectors, exploits and mitigations that work at scale or may be linked together for chained attacks
  • Experience with Java, Go, Python or Node.js (bonus points for more than one).
  • Experience assessing cloud-native services, service meshes, and Kubernetes-platform based micro-services
  • Experience with assessment of mobile-based applications (not just web/UI)
  • Be able to apply unconventional thinking and problem-solve on the boundary of your knowledge base, learning new technologies or languages as needed to complete pen-test tasks
  • Be able to think both offensively (like a hacker) and defensively (evaluating product security and design)
  • Ability to create written work product, detailed technical findings documents, and pen-test reports

Preferred Qualifications

  • You have great interpersonal skills, deep technical ability, and a history of successful execution in the assessments industry. If you enjoy discussing anything from procedural linking tables in kernels to remote code execution in JVMs, then we want you on the team.
  • Familiarity with industry-standard threat modeling, risk modeling and vulnerability classification
  • Experience with pre-assessment architectural and API analysis to scope and prepare white-box and grey-box assessments
  • Experience working with in-house engineering organizations, S-SDLC/CICD software lifecycle and QA processes

At Uber, we ignite opportunity by setting the world in motion. We tackle big problems to help drivers, riders, delivery partners, and eaters get moving in more than 10,000 cities around the world.

We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let's move the world forward together.

We are a tight-knit group of passionate and hardworking engineers, designers, data scientists, product managers, and account managers. We pride ourselves on our collaborative and open culture! Visit Uber for Business to learn more.

Uber is proud to be an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know by completing this form (https://forms.gle/aDWTk9k6xtMU25Y5A).

At Uber, we reimagine the way the world moves for the better. The idea was born on a snowy night in Paris in 2008, and ever since then, our DNA of reimagination and reinvention carries on. We’ve grown into a global platform moving people and things in ever-expanding ways, taking on big problems to help drivers, riders, delivery partners, and eaters make movement happen at the push of a button for everyone, everywhere.


Offices continue to be central to collaboration and Uber’s cultural identity. Unless formally approved to work fully remotely, Uber expects employees to spend at least half of their work time in their assigned office. For certain roles, such as those based at green-light hubs, employees are expected to be in-office for 100% of their time. Please speak with your recruiter to better understand in-office expectations for this role.

Uber is committed to a safe workplace. We have implemented COVID-19 safety protocols that meet or exceed local public health guidelines. Workplace safety remains our number one priority. As a result, and depending on the workplace location, Uber either requires* or recommends employees be vaccinated to access any of our facilities; this is subject to change solely at the Company’s discretion.

\* Accommodations may be available based on religious and/or medical conditions, or as required by applicable law. To request an accommodation, please reach out to accommodations@uber.com.



Uber is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, Veteran Status, or any other characteristic protected by law.