Sr. Security Engineer - Application Security @ Uber - Corona, NY

Job Overview

11 days ago

About the Role
We are seeking a hardworking Sr. Security Engineer to join our Vulnerability Discovery team. The new member of our team will focus on scaling the traditional AppSec model of finding vulnerabilities manually to a fully automated and autonomous system. To that end, our new teammate will be tasked with designing, implementing and deploying security automation and services capable of identifying security vulnerabilities such as XSS, SQLi, CSRF, SSRF, etc. in our mobile, web and infrastructure-related apps and services. You can expect to spend 50+% of your time writing code/implementing security tools to scale the discovery of common security vulnerabilities. The nUber will also lead medium- to large-scale security projects, be responsible for creating long-term project roadmaps, prioritizing project objectives, as well as executing on those objectives and roadmaps in well-defined timelines.

What You'll Do
  • Design, build and deploy automation leveraging manually discovered security findings to scale vulnerability discovery efforts across more than 5,000 services
  • Identify security-sensitive functionality in apps and services lacking security coverage and build out automation to bring security awareness into the affected areas
  • Identify novel attacks and security weaknesses in company-owned assets and automate their discovery using state-of-the-art control-flow and data-flow analysis techniques, methods, and tools
  • Identify gaps in apps, services, and infrastructure lacking proper security scans; build out and execute on a project roadmap to ensure 100% coverage across all assets and asset groups
  • Perform threat modeling, design, and code reviews to assess security implications and requirements for the introduction of new systems and technologies
  • Provide security guidance to application and service owners to remediate security vulnerabilities
  • Mentor junior security engineers

Basic Qualifications:
  • Bachelor's in Computer Science or a related field or equivalent industry experience
  • Expertise in at least one security domain (e.g., web security, reverse engineering, etc.)
  • Expertise finding and fixing common security vulnerabilities (e.g., OWASP Top 10)
  • Programming skills in at least one of: Go, Java, Python, NodeJS, etc.

Preferred Qualifications:
  • Mobile (iOS/Android) development experience
  • Experience designing, implementing, and deploying large distributed systems
  • Prior vulnerability management experience
  • Expertise in multiple security domains or cryptosystems
  • Ability to see the big picture, build out concise, comprehensive, yet realistic project plans
  • Ability to communicate ideas and proposals concisely
  • Proven track record demonstrating impact across several teams, organizations and/or security areas

About the Team
We are a team of Software Engineers with Security Mindsets. We lead the vulnerability discovery initiative at Uber. We ensure that all code at Uber adheres to company-wide security standards and is devoid of known security vulnerabilities.
To that end, we design, develop and deploy automation to detect, track and remediate vulnerabilities in over 5,000 services.
In addition, we crowdsource security intelligence via our Bug Bounty program, red team exercises, as well as manual and automated security audits.
Finally, we use research-quality CFG and DFG principles to codify the latest security breakthroughs into custom queries, which we then deploy across our fleet of advanced security scanners. As a result, we expand the return on investment of our manual labor. Our constantly increasing corpus of security queries enables us to perform automated, systematic and comprehensive security analysis across all of Uber's applications and services.
