Sr. Security Engineer - Application Security
About the Role
We are seeking a hardworking Sr. Security Engineer to join our Vulnerability Discovery team in Seattle, WA. The new member of our team will focus on scaling the traditional AppSec model of finding vulnerabilities manually to a fully automated and autonomous system. To that end, our new teammate will be tasked with designing, implementing and deploying security automation and services capable of identifying security vulnerabilities such as XSS, SQLi, CSRF, SSRF, etc. in our mobile, web and infrastructure-related apps and services. The nUber will also lead medium- to large-scale security projects, be responsible for creating long-term project roadmaps, prioritizing project objectives, as well as executing on those objectives and roadmaps in well-defined timelines.
What You'll Do
- Design, build and deploy automation leveraging manually discovered security findings to scale vulnerability discovery efforts across more than 5,000 services
- Identify security-sensitive functionality in apps and services lacking security coverage and build out automation to bring security awareness into the affected areas
- Identify novel attacks and security weaknesses in company-owned assets and automate their discovery using state-of-the-art control-flow and data-flow analysis techniques, methods and tools
- Identify gaps in apps, services and infrastructure lacking proper security scans, build out and execute on a project roadmap to ensure 100% coverage across all assets and asset groups
- Perform threat modeling, design and code reviews to assess security implications and requirements for the introduction of new systems and technologies
- Provide security guidance to application and service owners to remediate security vulnerabilities
- Mentor junior security engineers
- Bachelor's in Computer Science or a related field or equivalent industry experience
- Expertise in at least one security domain (e.g., web security, reverse engineering, etc.)
- Expertise finding and fixing common security vulnerabilities (e.g., OWASP Top 10)
- Programming skills in at least one of: Go, Java, Python, NodeJS, etc.
- Mobile (iOS/Android) development experience
- Experience designing, implementing and deploying large distributed systems
- Prior vulnerability management experience
- Expertise in multiple security domains or crypto systems
- Ability to see the big picture and build out concise, comprehensive, yet realistic project plans
- Ability to communicate ideas and proposals concisely
- Proven track record demonstrating impact across several teams, organizations and/or security areas
About the Team
We are a team of rockstar engineers who lead the principled vulnerability discovery initiative at Uber. We ensure that all code at Uber adheres to company-wide security standards and is devoid of known security vulnerabilities.
To that end, we design, develop and deploy automation to detect, track and remediate vulnerabilities in over 5,000 services.
In addition, we crowdsource security intelligence via our Bug Bounty program, red team exercises, as well as manual and automated security audits.
Finally, we use research-quality CFG and DFG principles to codify the latest security breakthroughs into custom queries, which we then deploy across our fleet of advanced security scanners. As a result, we expand the return on investment of our manual labor. Our constantly increasing corpus of security queries enables us to perform automated, systematic and comprehensive security analysis across all of Uber's applications and services.
At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 10,000 cities around the world.
We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let's move the world forward, together.
Uber is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, Veteran Status, or any other characteristic protected by law.