The security organization at Uber is dedicated to enabling safe and secure innovation while protecting the communities we serve both online and in the physical world. Our teams are responsible for protecting both people and their data across intersections of the digital and physical world. The primary objective for Uber Engineering Security team is to enable the technical ambitions of the company while maintaining the highest standards of security and privacy for our customers and partners. As cybersecurity threats evolve, so do we.
About the Role
Uber is seeking a Senior Security Engineer to join our Application Security team. As a team member, you will help us scale the traditional AppSec model of finding vulnerabilities manually to a fully automated and autonomous system. In this role, you will be tasked with designing, implementing and deploying security automation capable of identifying security vulnerabilities such as XSS, SQLi, CSRF, SSRF, etc. across Uber's entire code base. As an AppSec Engineer you'll demonstrate your SWE skills and security expertise to raise the security bar across all mobile and web apps at Uber. This is a unique opportunity to work with both senior and new-grad engineers, make a real impact on Uber's security posture, and continue to up-level your own software engineering and security skills.
What You'll Do

• Design, build and deploy automation demonstrating manually discovered security findings to scale vulnerability discovery efforts across thousands of microservices.
• Identify security-sensitive functionality in apps and services lacking security coverage and build out automation to bring security awareness into the affected areas.
• Identify novel attacks and security weaknesses in company-owned assets; automate their discovery using innovative techniques, methods, and tools.
• Identify gaps in apps and services lacking proper security scans, build-out and complete a project roadmap to ensure 100% coverage across all assets.
• Provide security guidance to application and service owners to remediate known security vulnerabilities.
• Perform threat modeling, design, and code reviews to assess security implications and requirements for the introduction of new systems and technologies.
• Mentor new-grad engineers.

Basic Qualifications

• Bachelor's in Computer Science, Engineering or a related field.
• Programming skills in at least one of: Go, Java, Python, NodeJS, etc.
• Experience finding and fixing common security vulnerabilities (e.g., OWASP Top 10)
• Professional experience of 5+ years in at least one security domain: web security, mobile security, cloud security, systems security, program analysis, or reverse engineering.

Preferred Qualifications

• Master's (or Ph.D) in Computer Science, Engineering or a related field.
• Experience designing, implementing, and deploying production-quality systems.
• Experience building out integrations with open source scanners and/or vendor products.
• Expertise in multiple security domains, prior security assessment, or bug bounty experience.
• Experience performing threat modeling, design and code reviews.
• Ability to communicate ideas and proposals concisely to a wide-range of audiences.

At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 600 cities around the world.
We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have a curiosity, passion and collaborative spirit, work with us, and let's move the world forward, together.
Uber is proud to be an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.
If you have a disability or special need that requires accommodation, please let us know by completing this form.
For New York, NY-based roles: The base salary range for this role is $185,000 per year - $205,500 per year. For San Francisco, CA-based roles: The base salary range for this role is $185,000 per year - $205,500 per year. For Seattle, WA-based roles: The base salary range for this role is $185,000 per year - $205,500 per year. For Sunnyvale, CA-based roles: The base salary range for this role is $185,000 per year - $205,500 per year. For all US locations, you will be eligible to participate in Uber's bonus program, and may be offered an equity award & other types of comp. You will also be eligible for various benefits. More details can be found at the following link https://www.uber.com/careers/benefits.