About the Role
We are seeking a talented Sr. Security Engineer to join our Vulnerability Discovery team in Seattle, WA. The new member of our team will focus on scaling the traditional AppSec model of finding vulnerabilities manually to a fully automated and autonomous system. To that end, our new teammate will be tasked with designing, implementing and deploying security automation and services capable of identifying security vulnerabilities such as XSS, SQLi, CSRF, SSRF, etc. in our mobile, web and infrastructure-related apps and services. The nUber will also lead medium- to large-scale security projects, be responsible for creating long-term project roadmaps, prioritizing project objectives, as well as executing on those objectives and roadmaps in well-defined timelines.
We are a team of superstar engineers who lead the principled vulnerability discovery initiative at Uber. We ensure that all code at Uber adheres to company-wide security standards and is devoid of known security vulnerabilities.
To that end, we build and deploy top-notch taint tracking systems leveraging control-flow and data-flow analysis techniques to scan and report new security findings in over 5,000 services.
In addition, we crowdsource security intelligence via our Bug Bounty program, red team exercises, as well as manual and automated security audits.
Finally, we leverage research-quality CFG and DFG principles to codify the latest security breakthroughs into custom queries, which we then deploy across our fleet of advanced security scanners. As a result, we expand the ROI of our manual labor. Our constantly increasing corpus of security queries enables us to perform automated, systematic and comprehensive security analysis across all of Uber's applications and services.
You are a strong teammate, collaborator, and mentor. You are an experienced Security Engineer with passion to have a global impact. You enjoy working on complex problems, finding security vulnerabilities in production apps and services, and scaling their discovery via automation. You have a proven track record delivering results in tight deadlines, mentoring junior members, and helping them grow personally and professionally.
Traditional software development entailed designing, building and deploying systems on a predetermined dev/release cycle. Within that context, AppSec often operated in a strictly manual mode: security engineers dug through codebases, or directly pentested staging services in an effort to discover and fix vulnerabilities before they made their way to production apps and services.
The modern-day software development lifecycle demands continuous development, integration and deployment (CI/CD). Microservices-oriented architectures further complicate the control-flow and data-flow analyses, as data passes through dozens -- sometimes hundreds -- of services on its route from the user (source) to internal data stores (sinks), or vice versa. In this setting, point-in-time, manual code analysis of bespoke assets yields a limited view of their overall security exposure. Henceforth, AppSec should find new ways to scale its operations.
Here at Uber we have a highly skilled set of security engineers working on deploying top-notch taint tracking services to help us 10X the ROI across all manual code analyses, pentesting exercises, and bug bounty program operation we do. As a result, our advanced code-analysis services help us leverage research-quality control-flow and data-flow analysis techniques to continuously produce high-fidelity security findings at scale. The time we save due to automation, we then reinvest in performing tactical pentests and code audits, as well as designing, building and deploying innovative security solutions.
Sounds interesting? Join our team and help us set the bar for modern-day AppSec!
At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 600 cities around the world.
We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let's move the world forward, together.
At Uber we don’t just accept difference—we celebrate it, we support it, and we thrive on it for the benefit of our employees, our products and our community. Uber is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.