Sr. Security Engineer - Vulnerability Management @ Uber - Greenbrae, CA

Job Overview

12 days ago

Sr. Security Engineer - Vulnerability Management

Uber - Greenbrae, CA

About the Role
We are seeking a hardworking Sr. Security Engineer to join our Vulnerability Discovery team. The new member of our team will focus on building out and scaling our asset inventory platform, as well as scaling our CORP and Infrastructure-wide security scanning capabilities. In addition, the nUber will work closely with our M&As in an effort to scale their Vulnerability Management function, close any remaining gaps, and improve patch health visibility into M&As’ endpoints, mobile, prod, COPR and cloud infrastructure. You can expect to spend 50%+ of your time implementing new security tools, improving existing ones, as well as building out and deploying new security integrations. The nUber will also lead medium- to large-scale security projects, be responsible for creating long-term project roadmaps, prioritizing project objectives, as well as executing on those objectives and roadmaps in well-defined timelines.
What You'll Do
  • Design, build and deploy automation to scale infrastructure vulnerability discovery efforts across a growing list of M&As.
  • Work closely with M&As around the world to set up and scale their Vulnerability Management function.
  • Build out and scale our asset inventory platform.
  • Drive vuln remediation across prod, CORP, cloud, endpoint and mobile assets.
  • Provide actionable security guidance to asset owners in an effort to speed up vuln remediation.
  • Mentor junior security engineers
Basic Qualifications:
  • Bachelor's in Computer Science or a related field or equivalent industry experience
  • Experience in at least one security domain (e.g., infrastructure security, web security, etc.)
  • Expertise in at least one of: Go, Java, Python, NodeJS, etc.
Preferred Qualifications:
  • Experience designing, implementing and deploying large distributed systems
  • Prior vulnerability management experience
  • Expertise in multiple security domains
  • Ability to see the big picture, build out concise, comprehensive, yet realistic project plans
  • Ability to communicate ideas and proposals concisely
  • Proven track record demonstrating impact across several teams, organizations and/or security areas
About the Team
We are a team of software engineers with security mindsets. We lead the principled vulnerability discovery initiative at Uber. We ensure that all code at Uber adheres to company-wide security standards and is devoid of known security vulnerabilities.
To that end, we design, develop and deploy automation to detect, track and remediate vulnerabilities in over 5,000 web services, endpoints, mobile devices, prod & CORP infrastructure.
In addition, we crowdsource security intelligence via our Bug Bounty program, red team exercises, as well as manual and automated security audits.
Finally, we use research-quality CFG and DFG principles to codify the latest security breakthroughs into custom queries, which we then deploy across our fleet of advanced security scanners. As a result, we expand the return on investment of our manual labor.

Similar Jobs

Sr. Associate, Cyber Security – Cloud DevOps Engineer

KPMG

San Francisco, CA

Automate, build, deploy and integrate security tools with application pipelines. Experience with security tools for SAST/DAST/RASP like SonarQube, Snyk etc.

Sr. Associate, Cyber Security – Cloud DevOps Engineer

KPMG

Sacramento, CA

Automate, build, deploy and integrate security tools with application pipelines. Experience with security tools for SAST/DAST/RASP like SonarQube, Snyk etc.

Sr. Associate, Cyber Security – Cloud DevOps Engineer

KPMG

Santa Clara, CA

Automate, build, deploy and integrate security tools with application pipelines. Experience with security tools for SAST/DAST/RASP like SonarQube, Snyk etc.

Sr. Associate, Cyber Security - Cloud DevOps

KPMG

San Francisco, CA

Automate, build, deploy and integrate security tools with application pipelines. Experience with security tools for SAST/DAST/RASP like SonarQube, Snyk etc.

Director, Cyber Security - Cloud, DevOps, HashiCorp

KPMG

Sacramento, CA

Lead and mentor teams of Cloud architects and engineers. Proficiency in understanding concepts and technologies in DevOps, IT operations, security, cloud,…

Sr. Associate, Cyber Security - Cloud, DevOps, HashiCorp

KPMG

Sacramento, CA

Lead and mentor teams of Cloud architects and engineers. Proficiency in understanding concepts and technologies in DevOps, IT operations, security, cloud,…

Sr. Associate, Cyber Security - Cloud DevOps

KPMG

Sacramento, CA

Automate, build, deploy and integrate security tools with application pipelines. Experience with security tools for SAST/DAST/RASP like SonarQube, Snyk etc.

Sr. Associate, Cyber Security - Cloud DevOps

KPMG

Santa Clara, CA

Automate, build, deploy and integrate security tools with application pipelines. Experience with security tools for SAST/DAST/RASP like SonarQube, Snyk etc.

Sr. Specialist, Cyber Security - Cloud, DevOps, HashiCorp

KPMG

Sacramento, CA

Lead and mentor teams of Cloud architects and engineers. Proficiency in understanding concepts and technologies in DevOps, IT operations, security, cloud,…

Manager, Cyber Security - Cloud DevOps

KPMG

Sacramento, CA

Lead and mentor teams of Cloud architects and engineers. Proficiency in understanding concepts and technologies in DevOps, IT operations, security, cloud,…

Cybersecurity Assurance Analyst

Intuitive

Sunnyvale, CA

Experienced with network security infrastructure, threats, and vulnerabilities to networks, and mitigate security threats. Details can vary by role.

Lead Specialist, Cyber Security - Cloud, DevOps, HashiCorp

KPMG

Sacramento, CA

Lead and mentor teams of Cloud architects and engineers. Proficiency in understanding concepts and technologies in DevOps, IT operations, security, cloud,…

Staff Software Security Engineer Trust & Abuse

Databricks

San Francisco, CA

Represent the security engineering discipline throughout the organization, having a powerful voice to make us more data-driven. The impact you will have:

Sr. Software Engineer, Data Security

Block

San Francisco, CA

Act as an internal security subject matter expert, advocating for better security practices throughout Block. PCI security standards (including DSS and PTS).

Sr. Threat and Vulnerability Analyst

LiveRamp

San Francisco, CA

Hand-on experience with Static and Dynamic application security testing. Analyze and validate security assessment findings leveraging different tools (i.e. Burp…

Principal Cloud Security Engineer

Palo Alto Networks

Santa Clara, CA

7-10 years of combined experience as an software engineer, infrastructure engineer, network engineer or cloud security engineer. We’re here for better.

Senior Staff Cyber Offense Engineer

Databricks

San Francisco, CA

Understanding of security technologies, especially their limitations. Knowledge and experience with network, host and application security practices.

Principal Software Engineer , Prisma Cloud Security

Palo Alto Networks

Santa Clara, CA

Our pioneering Security Operating Platform emboldens ouc customers' digital transformation with continuous innovation that seizes the latest breakthroughs in…

PES Security and Compliance Engineer - 76393

Pinnacle Group

Austin, CA

Must thoroughly understand web application n-tier architecture and web security. Please make sure candidates understand this position will be based in Apple's…

Engineering Manager, Platform Security

Discord

San Francisco, CA

Guide important security programs the affect hundreds of developers including Identity and Access management, Secrets management, CI/CD security, and cloud and…

Lead Information Security Analyst

WELLS FARGO BANK

San Francisco, CA

Provide advanced information security consultation for all aspects of information security compliance policy, risk management, and remediation.

Lead Information Security Analyst

WELLS FARGO BANK

Concord, CA

Provide advanced information security consultation for all aspects of information security compliance policy, risk management, and remediation.

Lead Information Security Analyst

WELLS FARGO BANK

San Leandro, CA

Provide advanced information security consultation for all aspects of information security compliance policy, risk management, and remediation.

Endpoint Security Engineer

Dew Software

San Jose, CA

• Knowledge about various multi-vendor security tools.*. • Experience in architecting, designing, configuring, and installing endpoint solutions.*.

Ad