Sr. Security Engineer - Application Security @ Uber - Sausalito, CA

Job Overview

15 days ago

About the Role
We are seeking a hardworking Sr. Security Engineer to join our Vulnerability Discovery team. The new member of our team will focus on scaling the traditional AppSec model of finding vulnerabilities manually to a fully automated and autonomous system. To that end, our new teammate will be tasked with designing, implementing and deploying security automation and services capable of identifying security vulnerabilities such as XSS, SQLi, CSRF, SSRF, etc. in our mobile, web and infrastructure-related apps and services. You can expect to spend 50+% of your time writing code/implementing security tools to scale the discovery of common security vulnerabilities. The nUber will also lead medium- to large-scale security projects, be responsible for creating long-term project roadmaps, prioritizing project objectives, as well as executing on those objectives and roadmaps in well-defined timelines.

What You'll Do
  • Design, build and deploy automation leveraging manually discovered security findings to scale vulnerability discovery efforts across more than 5,000 services
  • Identify security-sensitive functionality in apps and services lacking security coverage and build out automation to bring security awareness into the affected areas
  • Identify novel attacks and security weaknesses in company-owned assets and automate their discovery using state-of-the-art control-flow and data-flow analysis techniques, methods, and tools
  • Identify gaps in apps, services, and infrastructure lacking proper security scans, then build out and execute on a project roadmap to ensure 100% coverage across all assets and asset groups
  • Perform threat modeling, design, and code reviews to assess security implications and requirements for the introduction of new systems and technologies
  • Provide security guidance to application and service owners to remediate security vulnerabilities
  • Mentor junior security engineers

Basic Qualifications:
  • Bachelor's in Computer Science or a related field or equivalent industry experience
  • Expertise in at least one security domain (e.g., web security, reverse engineering, etc.)
  • Expertise finding and fixing common security vulnerabilities (e.g., OWASP Top 10)
  • Programming skills in at least one of: Go, Java, Python, NodeJS, etc.

Preferred Qualifications:
  • Mobile (iOS/Android) development experience
  • Experience designing, implementing, and deploying large distributed systems
  • Prior vulnerability management experience
  • Expertise in multiple security domains or cryptosystems
  • Ability to see the big picture, build out concise, comprehensive, yet realistic project plans
  • Ability to communicate ideas and proposals concisely
  • Proven track record demonstrating impact across several teams, organizations and/or security areas

About the Team
We are a team of Software Engineers with Security Mindsets. We lead the vulnerability discovery initiative at Uber. We ensure that all code at Uber adheres to company-wide security standards and is devoid of known security vulnerabilities.
To that end, we design, develop and deploy automation to detect, track and remediate vulnerabilities in over 5,000 services.
In addition, we crowdsource security intelligence via our Bug Bounty program, red team exercises, as well as manual and automated security audits.
Finally, we use research-quality CFG and DFG principles to codify the latest security breakthroughs into custom queries, which we then deploy across our fleet of advanced security scanners. As a result, we expand the return on investment of our manual labor. Our constantly increasing corpus of security queries enables us to perform automated, systematic and comprehensive security analysis across all of Uber's applications and services.
