Security Engineer II - Security Guidance
Posted on Saturday, May 13, 2023
The security organization at Uber is dedicated to enabling safe and secure innovation while protecting the communities we serve both online and in the physical world. We are responsible for protecting both people and their data across intersections of the digital and physical world. The primary objective for Uber Engineering Security team is to enable the technical ambitions of the company while maintaining the highest standards of security and privacy for our customers and partners. As cybersecurity threats evolve, we do too. About The RoleUber’s Product Security organization is looking for a Security Engineer II to join our Security Guidance (SG) team. We provide contextual, on-demand security guidance to product teams at Uber, whenever new products or product features are being conceived.As a member of the SG team, your principal mission will be to coordinate and conduct pre-release technical security system design reviews for Uber’s product suite and platform, in accordance with our secure software development lifecycle (SDL/SDLC). You will work closely with engineering teams throughout the company to analyze their engineering design documents, identify potential security design flaws in the areas of cloud security, infrastructure security, data security, and applications security. As a SG engineer, you will provide security-specific corrective direction to engineers, author security-related feature requests against products, gather critical technical design information required for security assessments, and own technical interfacing for related remediation efforts.This is an outstanding opportunity for an expert security engineer who is knowledgeable in multiple security domains to play a central role in shifting security left, and make cross-cutting strategic impacts to the security of our next-gen systems and services. What You Will Do
- Perform multi-disciplinary security design reviews of engineering design proposals. Consider aspects of application, cloud, infrastructure, and data-layer security.
- Draw design inferences on our product designs, taking into consideration trade-off decisions to vector improvements in overall security posture of our products and services.
- Build quality written work products for both technical engineering and non-technical consumers.
- Be a domain expert and ambassador to core Uber Engineering for secure application and systems design areas.
- Conduct full security assessments of products that may include architectural review, threat modeling web and mobile apps assessments.
- Provide technical mentorship for remediation efforts, coordinating with our Application Security and assessment teams.
- Perform any other security guidance or product security related activities or tasks as needed or advised.
- Bachelor's in Computer Science, Engineering or a related field or equivalent work experience as a software engineering or security practitioner.
- 3+ years overall of relevant security engineering or architecture experience.
- A security-related or architect-related certification such as CISSP, OSCP, CEH, GCP/AWS/Azure/OCI Cloud Security or Architect Certifications, and/or willing to work towards ultimately obtaining one as part of your career path.
- Possess a broad knowledge of threat modeling and the associated design patterns to correct and/or mitigate security attacks and threats.
- Experience with security designs related to Cloud-native services, service and microservices meshes.
- Familiarity with industry-standard risk modeling and vulnerability classification.
- Ability to build written-work products and detailed technical documents.
- Be able to apply creative thinking and problem solving on the boundary of your knowledge base, learning new technologies or languages as needed to solve sophisticated technical controls problems in our product suite.
- Collaboration skills, deep technical ability, and a history of successful execution working with a broad suite of infrastructure to applications layer technologies.
- Experience with one of: Go, Java, Python, NodeJS, etc.
- Experience with RDBMS and non-RDBMS (noSQL) data store technologies such as PostGRESQL, MySQL, Hadoop, GCP BigQuery, AWS RDS & DynamoDB, GraphQL and more.
- Experience with Identity-aware proxy and HTTP routing technologies.
- Familiarity with privacy, healthcare and payments processing regulatory frameworks and how they guide or affect secure systems design.
- Experience working with in-house engineering organizations, S-SDLC/CICD software lifecycle.
- Familiarity with one or more of AWS, Azure, GCP, OCI public cloud providers, plus private cloud equivalent service layers.
See more open positions at Uber
Something looks off?