Engineering Security, Safety, Security & Insurance u gradu Seattle, WA
At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 600 cities around the world.
We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let’s move the world forward, together.
About the Role
We are seeking a talented Security Engineer to join our Vulnerability Discovery team in Seattle, WA. The new member of our team will focus on scaling the traditional AppSec model of finding vulnerabilities manually. To that end, our new teammate will be tasked with designing, implementing and deploying security automation and services capable of identifying common security vulnerabilities (e.g., XSS, SQLi, CSRF, SSRF, etc.) in our mobile, web and infrastructure-related apps and services.
What You’ll Do
Manually identify security vulnerabilities in our mobile, web and infrastructure-related apps and services
Design, build and deploy automation leveraging manually discovered security findings to scale vulnerability discovery efforts across more than 5,000 services
Identify novel attacks and security weaknesses in company owned assets and automate their discovery leveraging state-of-the-art control-flow and data-flow analysis techniques, methods and tools
Identify security-sensitive functionality in apps and services lacking security coverage and build out automation to bring security awareness into the affected areas
Provide security guidance to application and service owners to remediate security vulnerabilities
What You’ll Need
Experience in at least one security domain (e.g., web security)
Programming skills in at least one of: Go, Java, Python, NodeJS, etc.
Ability to communicate ideas and proposals concisely
Bonus Points If
Experience performing threat modeling, design and code reviews to assess security implications and requirements for the introduction of new systems and technologies
Experience designing, implementing and deploying large distributed systems
Prior vulnerability management experience
Expertise in multiple security domains or crypto systems
About the Team
We are a team of 10X engineers that lead the principled vulnerability discovery initiative at Uber. We ensure code running in production adheres to company-wide security standards and is devoid of known security vulnerabilities.
To that end, we build and deploy top-notch taint tracking systems leveraging control-flow and data-flow analysis techniques to scan and report new security findings in over 5,000 services.
In addition, we crowdsource security intelligence via our Bug Bounty program, red team exercises, as well as manual and automated security audits.
Finally, we leverage research-quality CFG and DFG principles to codify the latest security breakthroughs into custom queries, which we then deploy across our fleet of advanced security scanners. As a result, we 10X the ROI of our manual labor. Our constantly increasing corpus of security queries enables us to perform automated, systematic and comprehensive security analysis across all of Uber’s applications and services.
Uber ne samo da prihvaća različitost, nego ju i slavi, podržava te raste zahvaljujući različitostima za dobrobit naših zaposlenika, proizvoda i zajednice. Uber s ponosom osigurava jednake mogućnosti za sve na radnom mjestu te kao poslodavac promiče jednakost. Zalažemo se za jednake mogućnosti zapošljavanja bez obzira na rasu, boju kože, podrijetlo, vjeru, spol, nacionalno podrijetlo, seksualnu orijentaciju, dob, državljanstvo, bračno stanje, invaliditet, rodni identitet ili veteranski status.