Sr. Security Engineer - Vulnerability Management @ Uber - Woodside, NY

Job Overview

8 days ago

Sr. Security Engineer - Vulnerability Management

Uber - Woodside, NY

About the Role
We are seeking a hardworking Sr. Security Engineer to join our Vulnerability Discovery team. The new member of our team will focus on building out and scaling our asset inventory platform, as well as scaling our CORP and Infrastructure-wide security scanning capabilities. In addition, the nUber will work closely with our M&As in an effort to scale their Vulnerability Management function, close any remaining gaps, and improve patch health visibility into M&As’ endpoints, mobile, prod, COPR and cloud infrastructure. You can expect to spend 50%+ of your time implementing new security tools, improving existing ones, as well as building out and deploying new security integrations. The nUber will also lead medium- to large-scale security projects, be responsible for creating long-term project roadmaps, prioritizing project objectives, as well as executing on those objectives and roadmaps in well-defined timelines.
What You'll Do
  • Design, build and deploy automation to scale infrastructure vulnerability discovery efforts across a growing list of M&As.
  • Work closely with M&As around the world to set up and scale their Vulnerability Management function.
  • Build out and scale our asset inventory platform.
  • Drive vuln remediation across prod, CORP, cloud, endpoint and mobile assets.
  • Provide actionable security guidance to asset owners in an effort to speed up vuln remediation.
  • Mentor junior security engineers
Basic Qualifications:
  • Bachelor's in Computer Science or a related field or equivalent industry experience
  • Experience in at least one security domain (e.g., infrastructure security, web security, etc.)
  • Expertise in at least one of: Go, Java, Python, NodeJS, etc.
Preferred Qualifications:
  • Experience designing, implementing and deploying large distributed systems
  • Prior vulnerability management experience
  • Expertise in multiple security domains
  • Ability to see the big picture, build out concise, comprehensive, yet realistic project plans
  • Ability to communicate ideas and proposals concisely
  • Proven track record demonstrating impact across several teams, organizations and/or security areas
About the Team
We are a team of software engineers with security mindsets. We lead the principled vulnerability discovery initiative at Uber. We ensure that all code at Uber adheres to company-wide security standards and is devoid of known security vulnerabilities.
To that end, we design, develop and deploy automation to detect, track and remediate vulnerabilities in over 5,000 web services, endpoints, mobile devices, prod & CORP infrastructure.
In addition, we crowdsource security intelligence via our Bug Bounty program, red team exercises, as well as manual and automated security audits.
Finally, we use research-quality CFG and DFG principles to codify the latest security breakthroughs into custom queries, which we then deploy across our fleet of advanced security scanners. As a result, we expand the return on investment of our manual labor.

Similar Jobs

Global Insider Threat Analyst

Deloitte

New York, NY

Contribute to other data security projects as needed. Do you thrive on developing creative and innovative insights to solve complex challenges?

Global Insider Threat Analyst

Deloitte

Jericho, NY

Contribute to other data security projects as needed. Do you thrive on developing creative and innovative insights to solve complex challenges?

Global Insider Threat Analyst

Deloitte

Philadelphia, PA

Contribute to other data security projects as needed. Do you thrive on developing creative and innovative insights to solve complex challenges?

Global Insider Threat Analyst

Deloitte

Parsippany, NJ

Contribute to other data security projects as needed. Do you thrive on developing creative and innovative insights to solve complex challenges?

Tier 3 Security Event Monitoring Analyst

Deloitte

Philadelphia, PA

Strong background in security incident response, system operations and threat intelligence. The Tier 3 Event Monitoring Analyst position supports the SOC as an…

Manager, Cyber Security Splunk Engineering

Deloitte

Philadelphia, PA

Support all security applications/tools the SOC Engineering team operational support. Actively seek to improve and develop new content based upon observed…

Tier 3 Security Event Monitoring Analyst

Deloitte

Princeton, NJ

Strong background in security incident response, system operations and threat intelligence. The Tier 3 Event Monitoring Analyst position supports the SOC as an…

Global Identity Access Management Engineer

Deloitte

Princeton, NJ

Work collaboratively with information security organization to assist in the detection and mitigation of security events. Work with other experts in your field?

Manager, Cyber Security Splunk Engineering

Deloitte

Princeton, NJ

Support all security applications/tools the SOC Engineering team operational support. Actively seek to improve and develop new content based upon observed…

Cloud Network and Security Architect/Engineer

Deloitte

Princeton, NJ

Architect and engineer WAN connectivity including MPLS, E-LAN, IPsec and SASE solutions to enable migration of application and services into regional delivery…

Cloud Network and Security Architect/Engineer

Deloitte

Philadelphia, PA

Architect and engineer WAN connectivity including MPLS, E-LAN, IPsec and SASE solutions to enable migration of application and services into regional delivery…

SSDLC Cybersecurity Assessment Analyst

Deloitte

Princeton, NJ

As required, operate SSDLC, including support for architectural security reviews, identification of security gaps in architecture, and ensuring system/solutions…

Application Security Engineer

Block

New York, NY

2+ years of relevant security experience. Discover security issues through penetration testing, source code review, and design review. Check out our I+D page.

Endpoint Security Engineer

JPMorgan Chase Bank, N.A.

Brooklyn, NY

Ability to identify vulnerable system security configuration issues, and solution appropriate recommendations for remediation.

Application Security Engineer/Application Cyber Security Engineer

QLIK

New York, NY

Proven experience in a software security role. Experience with mobile security (iOS. Android). Comfortable interfacing with external security professionals to…

Application Security Engineer/Application Cyber Security Engineer

QLIK

King of Prussia, PA

Proven experience in a software security role. Experience with mobile security (iOS. Android). Comfortable interfacing with external security professionals to…

Senior Software Engineer - Identity & Access Management (US Remote Available)

Splunk

New York, NY

We believe in growing engineers through ownership and leadership opportunities. Perform analysis of security events across multiple identity platforms, and…

ACS Engineering Cyber Security Leader

GE Renewable Energy

New York, NY

Develop and conduct relevant security training for various internal audience, such as product managers, software engineers and technical support.

Senior Security Engineer

Qualio

New York, NY

Leading incident response efforts for security incidents. Experience securing Kubernetes and container security management. What will I be doing?

Lead Security Engineer

Valley National Bank

Wayne, NJ

Responsible for securing cloud environments and deploying cloud security technologies as directed by security architecture team.

Sr. Network Security Engineer

Valley National Bank

Wayne, NJ

Support information security projects throughout the bank. Examine relevant logs from disparate security systems and interpret results.

Data Extraction / Reverse Engineer

Nayya

New York, NY

Be responsible for documenting and providing detailed reports of findings for other engineers. At Nayya, we believe there's a better way to choose and use…

Info Security Analyst

MSA Security

New York, NY

Minimum of 1 years of work experience in cyber security analysis, information security analysis, or digital forensics. 41 CFR 60-1.35(c).

Data and Cloud Security Senior Engineer

AmerisourceBergen

Conshohocken, PA

Develops security solutions for simple to medium assignments. Focused on driving security strategies, policies/standards, ensuring the effectiveness of…

Ad