Security Engineer II - Product Security
Posted on Tuesday, July 4, 2023
About The Role
Uber is seeking a Security Engineer II to join our Product Security Team. In this role your principal mission will be to drive security-related engineering engagement and technical remediation across our product lines, supporting our vulnerability management, application security, and cloud security teams to scale security engagement across Engineering. As a ProdSec engineer you will demonstrate your software engineering skills and security expertise to raise the security bar across our infrastructure, mobile services and web apps. This is an outstanding opportunity to work with both senior and new-grad engineers, make a real impact on Uber’s security posture, and continue to up level your own software engineering and security skills.
What You'll Do
- Perform security vulnerability validation and revalidation reviews to confirm and assess security implications of reported security findings from our automated vulnerability programs
- Use your software engineering skills to architect, design, and implement (Golang) security tools and services to automate product security processes
- Perform code reviews, security design reviews and other internal consultancy on an as-needed basis
- Provide software security guidance to application and service owners to remediate known security vulnerabilities
- Lead product security efforts during security incident management, and define post-incident product security remediation plans
- Bachelor's in Computer Science, Engineering or a related field.
- 3+ years of relevant security engineering, security assessment experience in a product development role.
- Familiarity with industry-standard threat modeling, risk modeling and vulnerability classification.
- Experience finding and fixing common infrastructure, application or mobile security vulnerabilities.
- Experience in at least one security domain: application security, mobile security, cloud security, systems security, program analysis, or reverse engineering.
- Expertise in multiple security domains, security assessment, or bug bounty experience.
- Experience building software applications, systems, or services.
- Experience performing threat modeling, design and code reviews.
- Experience with application security data analysis from DAST, SAST, SCA and vulnerability tooling.
- Experience with Cloud security principles in one or more of: AWS, GCP, Azure, or OCI public cloud providers.
- Ability to communicate ideas and proposals concisely to a wide range of audiences.