Sr. Security Engineer - Application Security @ Uber - Ridgewood, NY

Job Overview

8 days ago


About the Role
We are seeking a hardworking Sr. Security Engineer to join our Vulnerability Discovery team. The new member of our team will focus on scaling the traditional AppSec model of finding vulnerabilities manually to a fully automated and autonomous system. To that end, our new teammate will be tasked with designing, implementing and deploying security automation and services capable of identifying security vulnerabilities such as XSS, SQLi, CSRF, SSRF, etc. in our mobile, web and infrastructure-related apps and services. You can expect to spend 50+% of your time writing code/implementing security tools to scale the discovery of common security vulnerabilities. The nUber will also lead medium- to large-scale security projects, be responsible for creating long-term project roadmaps, prioritizing project objectives, as well as executing on those objectives and roadmaps in well-defined timelines.

What You'll Do
  • Design, build and deploy automation leveraging manually discovered security findings to scale vulnerability discovery efforts across more than 5,000 services
  • Identify security-sensitive functionality in apps and services lacking security coverage and build out automation to bring security awareness into the affected areas
  • Identify novel attacks and security weaknesses in company-owned assets and automate their discovery using state-of-the-art control-flow and data-flow analysis techniques, methods, and tools
  • Identify gaps in apps, services, and infrastructure lacking proper security scans; build out and execute on a project roadmap to ensure 100% coverage across all assets and asset groups
  • Perform threat modeling, design, and code reviews to assess security implications and requirements for the introduction of new systems and technologies
  • Provide security guidance to application and service owners to remediate security vulnerabilities
  • Mentor junior security engineers

Basic Qualifications:
  • Bachelor's in Computer Science or a related field or equivalent industry experience
  • Expertise in at least one security domain (e.g., web security, reverse engineering, etc.)
  • Expertise finding and fixing common security vulnerabilities (e.g., OWASP Top 10)
  • Programming skills in at least one of: Go, Java, Python, NodeJS, etc.

Preferred Qualifications:
  • Mobile (iOS/Android) development experience
  • Experience designing, implementing, and deploying large distributed systems
  • Prior vulnerability management experience
  • Expertise in multiple security domains or cryptosystems
  • Ability to see the big picture, build out concise, comprehensive, yet realistic project plans
  • Ability to communicate ideas and proposals concisely
  • Proven track record demonstrating impact across several teams, organizations and/or security areas

About the Team
We are a team of Software Engineers with Security Mindsets. We lead the vulnerability discovery initiative at Uber. We ensure that all code at Uber adheres to company-wide security standards and is devoid of known security vulnerabilities.
To that end, we design, develop and deploy automation to detect, track and remediate vulnerabilities in over 5,000 services.
In addition, we crowdsource security intelligence via our Bug Bounty program, red team exercises, as well as manual and automated security audits.
Finally, we use research-quality CFG and DFG principles to codify the latest security breakthroughs into custom queries, which we then deploy across our fleet of advanced security scanners. As a result, we expand the return on investment of our manual labor. Our constantly increasing corpus of security queries enables us to perform automated, systematic and comprehensive security analysis across all of Uber's applications and services.
