Security Engineer II - AppSec

At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 600 cities around the world.


We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let’s move the world forward, together.

About the Role


We are seeking a talented Security Engineer to join our Application Security team. The prospective nUber will be primarily responsible for evaluating automated static and dynamic analysis frameworks, as well as designing, implementing and deploying service integrations that leverage the capabilities of bespoke security frameworks to discover vulnerabilities in mobile, web and infrastructure-related apps and services.

What You’ll Do

  • Evaluate static and dynamic analysis tools, and determine their usefulness in Uber’s environment

  • Integrate vulnerability scanners into Uber’s vuln management system

  • Design, implement and deploy small to medium-size security libraries, frameworks and systems to enable security by default

  • Provide security guidance to application and service owners to remediate triaged vulnerabilities

What You’ll Need

  • Expertise in at least one security domain (e.g., OAuth, OpenID Connect, PKI)

  • Programming skills in at least one of: Go, Java, Python, NodeJS, etc.

  • Ability to communicate ideas and proposals concisely

  • Ability to lead cross-team initiatives and drive them towards completion

Bonus Points For

  • Experience performing threat modeling, design and code reviews to assess security implications and requirements for the introduction of new systems and technologies

  • Experience designing, implementing and deploying large distributed systems

  • Prior vulnerability management experience

  • Expertise in multiple security domains or crypto systems

About the Team


The Application Security team works on securing Uber’s applications and services by finding, fixing, and preventing impactful security vulnerabilities across all software components at the company. To that end, we:

  • Perform design and code reviews of new features, integrations, applications and services

  • Manage a public bug bounty program aimed at crowdsourcing security intelligence

  • Build developer libraries, frameworks, and tooling to enable security by default

  • Manage and evangelize Uber’s Secure Software Development Lifecycle

  • Provide security guidance and education to developers

  • Build dashboards to increase visibility into outstanding security debt