About The RoleUber is seeking a Security Engineer II to join our Product Security Team. In this role your principal mission will be to drive security-related engineering engagement and technical remediation across our product lines, supporting our vulnerability management, application security, and cloud security teams to scale security engagement across Engineering. As a ProdSec engineer you will leverage your software engineering skills and security expertise to raise the security bar across our infrastructure, mobile services and web apps. This is a unique opportunity to work with both senior and new-grad engineers, make a real impact on Uber’s security posture, and continue to up level your own software engineering and security skills. What The Candidate Will Need / Bonus Points

• Use your software engineering skills to architect, design, and implement (golang) security tools and services to automate product security processes
• Perform security vulnerability validation and revalidation reviews to confirm and assess security implications of reported security findings from our automated vulnerability programs
• Perform code reviews, security design reviews and other internal consultancy on an as-needed basis
• Provide software security guidance to application and service owners to remediate known security vulnerabilities
• Lead product security efforts during security incident management, and define post-incident product security remediation plans

What You'll Do

• Expertise in multiple security domains, security assessment, or bug bounty experience.
• Experience building software applications, systems, or services.
• Experience performing threat modeling, design and code reviews.
• Experience with application security data analysis from DAST, SAST, SCA and vulnerability tooling
• Experience with Cloud security principles in one or more of: AWS, GCP, Azure, or OCI public cloud providers.
• Ability to communicate ideas and proposals concisely to a wide-range of audiences.

Basic Qualifications

• Bachelor's in Computer Science, Engineering or a related field.
• Programming skills in at least one of: Go, Java, Python, JavaScript, etc.
• 3+ years of relevant security engineering, security assessment experience in a product development role.
• Familiarity with industry-standard threat modeling, risk modeling and vulnerability classification.
• Experience finding and fixing common infrastructure, application or mobile security vulnerabilities.
• Experience in at least one security domain: application security, mobile security, cloud security, systems security, program analysis, or reverse engineering.

Uber is proud to be an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know by completing this form.Offices continue to be central to collaboration and Uber’s cultural identity. Unless formally approved to work fully remotely, Uber expects employees to spend at least half of their work time in their assigned office. For certain roles, such as those based at green-light hubs, employees are expected to be in-office for 100% of their time. Please speak with your recruiter to better understand in-office expectations for this role.