Sr. Security Engineer - Vulnerability Management @ Uber - Ridgewood, NY

Job Overview

11 days ago

Sr. Security Engineer - Vulnerability Management

Uber - Ridgewood, NY

About the Role
We are seeking a hardworking Sr. Security Engineer to join our Vulnerability Discovery team. The new member of our team will focus on building out and scaling our asset inventory platform, as well as scaling our CORP and Infrastructure-wide security scanning capabilities. In addition, the nUber will work closely with our M&As in an effort to scale their Vulnerability Management function, close any remaining gaps, and improve patch health visibility into M&As’ endpoints, mobile, prod, COPR and cloud infrastructure. You can expect to spend 50%+ of your time implementing new security tools, improving existing ones, as well as building out and deploying new security integrations. The nUber will also lead medium- to large-scale security projects, be responsible for creating long-term project roadmaps, prioritizing project objectives, as well as executing on those objectives and roadmaps in well-defined timelines.
What You'll Do
  • Design, build and deploy automation to scale infrastructure vulnerability discovery efforts across a growing list of M&As.
  • Work closely with M&As around the world to set up and scale their Vulnerability Management function.
  • Build out and scale our asset inventory platform.
  • Drive vuln remediation across prod, CORP, cloud, endpoint and mobile assets.
  • Provide actionable security guidance to asset owners in an effort to speed up vuln remediation.
  • Mentor junior security engineers
Basic Qualifications:
  • Bachelor's in Computer Science or a related field or equivalent industry experience
  • Experience in at least one security domain (e.g., infrastructure security, web security, etc.)
  • Expertise in at least one of: Go, Java, Python, NodeJS, etc.
Preferred Qualifications:
  • Experience designing, implementing and deploying large distributed systems
  • Prior vulnerability management experience
  • Expertise in multiple security domains
  • Ability to see the big picture, build out concise, comprehensive, yet realistic project plans
  • Ability to communicate ideas and proposals concisely
  • Proven track record demonstrating impact across several teams, organizations and/or security areas
About the Team
We are a team of software engineers with security mindsets. We lead the principled vulnerability discovery initiative at Uber. We ensure that all code at Uber adheres to company-wide security standards and is devoid of known security vulnerabilities.
To that end, we design, develop and deploy automation to detect, track and remediate vulnerabilities in over 5,000 web services, endpoints, mobile devices, prod & CORP infrastructure.
In addition, we crowdsource security intelligence via our Bug Bounty program, red team exercises, as well as manual and automated security audits.
Finally, we use research-quality CFG and DFG principles to codify the latest security breakthroughs into custom queries, which we then deploy across our fleet of advanced security scanners. As a result, we expand the return on investment of our manual labor.

Similar Jobs

Security Engineer

Carrier

Pittsford, NY

Develop automated tooling in order to aid security engineers, QA & penetration testers in performing security assessments. 1-2 years SW development experience.

Application Delivery Systems and Endpoint Engineer

CooperVision

Rochester, NY

Maintain security, backup and redundancy strategies. Researches, analyzes and recommends backup/security strategies as required. Working knowledge of Okta/ADFS.

Associate Information Security Risk and Compliance Analyst

Bosch Group

Fairport, NY

Implementation includes but is not limited to, regular consultation with management on topics such as network design, secure IT device usage, training of the…

Security Analyst

Sorrento Lactalis Inc

Buffalo, NY

Analysis of security logs from firewalls, SIEMs, web filtering, security profiles, and security software to detect and remediate potential security threats.

IT Security Analyst

Lactalis American Group

Buffalo, NY

Analysis of security logs from firewalls, SIEMs, web filtering, security profiles, and security software to detect and remediate potential security threats.

Identity & Access Management (IAM) Operations Specialist - MS

PRICE WATERHOUSE COOPERS

Rochester, NY

Understanding information security, compliance, assurance, and/or other security industry leading practices and principles;

Identity & Access Management (IAM) Operations Specialist - MS

PRICE WATERHOUSE COOPERS

Buffalo, NY

Understanding information security, compliance, assurance, and/or other security industry leading practices and principles;

Cybersecurity Risk Analyst

Moog Inc.

East Aurora, NY

2+ years of proven system security risk analysis and management is preferred. Conduct product security risk assessments that review security controls and…

IT Security Engineer

Wegmans Food Markets

Rochester, NY

Evaluate, recommend and implement proven state of the art security solutions to enhance our core security capabilities in security infrastructure, access…

Cyber Security Analyst II (Industrial & Manufacturing)

Pinnacle Executive Search

Seneca Falls, NY

Identify and collect data associated with initial security investigation finding. Detection, monitoring, analysis, escalation of security incidents and…

Software Engineer II - Network Services and Security

Crown Castle USA Inc.

West Henrietta, NY

Champion continual process improvements and innovation as well as mentor other engineers around best practices and engineering rigor.

Cybersecurity Systems Engineer

Moog Inc.

East Aurora, NY

2+ years of proven system security analysis and design is preferred. Create and recommend remediation action plans for vulnerabilities found in product security…

Information Security Analyst

Kodak Alaris

Rochester, NY

You will monitor computer networks for security issues, install security software and document all security issues or breaches you find.

Security Engineer II

Paychex Inc.

Webster, NY

As a Security Engineer, you will provide hands-on technical support for securing modern technologies and platforms, while developing security requirements &…

Cyber Intelligence Analyst

Paychex Inc.

Webster, NY

The Cyber Intelligence Analyst is responsible for supporting the global cyber intelligence function for the Cyber Fusion Center.

Information Security Analyst

Benefit Resource, LLC.

Rochester, NY

Understand data security standards and frameworks. Participate in the completion of critical vendor security and risk assessments including initiation and…

Cryptography Engineer, Security Engineering & Architecture

Recruiting From Scratch

Rochester, NY

Very strong hardware security fundamentals. Collaborate with other backend engineers to integrate HSM within BitGo’s platform application.

InfoSec & Cybersecurity Engineer II, III - 012684

Excellus

Buffalo, NY

Provides technical expertise and support to security administrators on distributed systems security and implements automated solutions for security…

IT Call Center Analyst

Rochester Housing Authority

Rochester, NY

Knowledge of Network security standards; DISTINGUISHING FEATURES OF THE CLASS: *Employees in this position provide first level technical support to end users.

Principal Navigation Engineer- Orolia Defense and Security

Orolia

Rochester, NY

Lead engineers and product development teams to design, develop and qualify new PNT products and solutions. The Principal Signal Navigation Engineer will be a…

InfoSec & Cybersecurity Engineer II, III - 012684

Univera Healthcare

Buffalo, NY

Provides technical expertise and support to security administrators on distributed systems security and implements automated solutions for security…

Risk & Compliance Analyst

Deloitte

Williamsville, NY

1-3 years of information security experience. Recommend and help develop appropriate information security policies, standards, procedures, checklists, and…

Risk & Compliance Analyst

Deloitte

Rochester, NY

1-3 years of information security experience. Recommend and help develop appropriate information security policies, standards, procedures, checklists, and…

NIS - Application Security Developer Senior Associate

PRICE WATERHOUSE COOPERS

Rochester, NY

Use feedback and reflection to develop self awareness, personal strengths and address development areas. Delegate to others to provide stretch opportunities,…

Ad