Senior Technical Program Manager, Bug Bounty
About the Role
We are seeking a hardworking Sr. Security Technologist to join our Vulnerability Discovery team and manage Uber's Bug Bounty Program! In this role, you will build relationships with the security research community through daily interactions, virtual promo bug bounty events and live hacking events. In addition, you will be verifying bug bounty reports, performing root cause analysis, and assessing their impact while partnering with engineering teams to track vulns through remediation. The ideal candidate will be able to work effectively with external and internal partners in a collaborative and fast-paced environment.
What You'll Do
- Lead bug bounty program strategy, manage public and private bug bounty projects, and assist with live event and virtual promo event planning and execution.
- Oversee the end-to-end report lifecycle from triage to resolution, including managing triage and escalation for inbound reports, performing root cause analysis, managing state transitions, and tracking internal remediation tickets.
- Work closely with engineering teams across Uber to help them understand the risk, track remediation timelines, and ensure reports are remediated within the defined SLAs.
- Manage bug bounty payouts, including leading payout meetings and building monthly reports for security leadership.
- Identify program trends and feed new bug bounty reports into our static analysis rule creation process.
- Maintain program documentation, e.g., updating scope changes or changes to internal process documents.
- Generate global intelligence reports on past bug bounty escalations.
- Bachelor's in Computer Science or a related field, or equivalent industry experience.
- Experience finding and fixing common security vulnerabilities (e.g., OWASP Top 10).
- Familiarity with the software development lifecycle.
- Master's in Computer Science or a related field.
- Prior bug bounty program management experience.
- Ability to work with and get consensus from cross-functional teams.
- Organized, self-motivated, and comfortable in a fast-paced environment.
- Ability to motivate internal teams to prioritize security vulnerabilities in addition to OKR work.
About the Team
We are a team of rockstar engineers who lead the principled vulnerability discovery initiative at Uber. We ensure that all code at Uber adheres to company-wide security standards and is devoid of known security vulnerabilities.
To that end, we design, develop and deploy automation to detect, track and remediate vulnerabilities in over 5,000 services.
In addition, we crowdsource security intelligence via our Bug Bounty program, red team exercises, as well as manual and automated security audits.
Finally, we use research-quality CFG and DFG principles to codify the latest security breakthroughs into custom queries, which we then deploy across our fleet of advanced security scanners. As a result, we expand the return on investment of our manual labor. Our constantly increasing corpus of security queries enables us to perform automated, systematic and comprehensive security analysis across all of Uber's applications and services.
At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 10,000 cities around the world.
We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let's move the world forward, together.
Uber is proud to be an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know by completing this form.
Uber is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, Veteran Status, or any other characteristic protected by law.