דרושים Security Technologist - Offensive/pentester ב-Uber ב-ארהב

As a Senior ML Engineer, you’ll translate ambiguous business and security needs into concrete ML problems, design and iterate on solutions, and take them end-to-end into production. This is greenfield work at the intersection of ML, security, and infrastructure, shaping how Uber secures AI at scale.

1. 5+ years experience in formulating ML problems from ambiguous business requirements especially in risk, fraud, or security contexts
2. Proficiency across a broad range of ML algorithms: tree-based models (XGBoost, LightGBM), classical statistical models (logistic regression, SVMs), and deep learning architectures (CNNs, RNNs, Transformers), with the ability to select and apply the right approach based on context and data.
3. Hands-on experience with feature engineering, model development, and productionization of ML pipelines.
4. Proficiency in PyTorch, TensorFlow, or similar ML frameworks, and in Python or comparable languages for scalable, production-grade systems.

1. Proven ability to own ML systems end-to-end: from requirement discovery → feature design → modeling → deployment.
2. Deep experience with advanced ML techniques, including ensemble methods, neural networks, graph-based models, and handling challenges like imbalanced data, feedback loops, and iterative retraining.
3. Familiarity with large-scale data/infra systems (Kafka, Pinot, Hive, Cassandra, Spark, Flink).
4. Background in access control, authentication, or enterprise security systems.
5. Track record of technical leadership: mentoring engineers, driving cross-functional initiatives, or shaping ML/security strategy.

1. Translate business and security needs into well-defined ML problems.
2. Develop, iterate, and productionize ML models that drive risk-adaptive decisions in real-time.
3. Engineer features from Uber’s risk systems, logs, and contextual signals.
4. Integrate ML systems into Uber’s critical access pathways (containers, APIs, gateways, data).
5. Collaborate across Security, Risk, and Infra teams to deliver scalable, production-ready solutions.
6. Provide leadership by mentoring junior engineers, evangelize ML best practices, and help shape ML strategy within AI Security.

For San Francisco, CA-based roles: The base salary range for this role is USD$198,000 per year - USD$220,000 per year.

For Sunnyvale, CA-based roles: The base salary range for this role is USD$198,000 per year - USD$220,000 per year.

About the Role:

Reporting to Chief Ethics, Compliance & Security Officer, you will be responsible for defining the technology roadmap, identifying and evaluating new tools, leading cross-functional projects, and fostering a culture of innovation and continuous improvement within the ECS tech ecosystem. You will partner closely with engineering, IT, legal, and various business teams to deliver robust, scalable, and user-centric solutions to elevate our impact.

What You'll Do:

- Product Ownership:Act as the overall product owner for ECS-specific technology initiatives, defining requirements, prioritizing features, and overseeing the entire development lifecycle, from concept to deployment and ongoing maintenance.

- Tooling & Systems Management:Lead the selection, implementation, configuration, and ongoing management of a diverse portfolio of ECS tools, including but not limited to: Case management systems (integrity helpline, investigations); Public Safety response portal; Governance, Risk, and Compliance tools like ServiceNow; Regulatory and Risk assessment and management tools; Security incident response platforms; Data management

Identify opportunities to automate and streamline ECS processes through technology, improving efficiency and reducing manual effort.

Basic Qualifications:

- 12+ years of experience in technology leadership, product management, technical program management or a similar role, with a strong focus on enterprise software implementation and management.

- Proven hands-on experience implementing and leveraging AI within an organization.

- Strong track record of successfully leading complex technology projects from inception to completion, on time and within budget.

- Demonstrated ability to influence across a broad spectrum of stakeholders.

- Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex technical concepts to non-technical stakeholders.

- Bachelor's degree in related field; or equivalent practical experience.

Preferred Qualifications:

- Familiarity with various programming languages and architectural patterns.

- Proficiency in technologies in one or more of the following: SQL, Spark, Hadoop

- Advanced understanding of statistics, causal inference, and machine learning

- Experience designing, prototyping and implementing large scale initiatives.

- Experience working with large scale data sets using technologies like Hive, Presto, and Spark.

- Proficiency in fine-tuning and optimizing large language models (LLMs).

- Experience with GRC (Governance, Risk, and Compliance) platforms.

- Experience in retrieval-augmented generation (RAG) systems.

- Familiarity with agentic workflows and their applications in machine learning and AI systems.

- Master's degree in a relevant field.

For New York, NY-based roles: The base salary range for this role is USD$239,000 per year - USD$265,500 per year.

For San Francisco, CA-based roles: The base salary range for this role is USD$239,000 per year - USD$265,500 per year.

About the Role

You will partner closely with teams across Data Platform, Infrastructure, Engineering Security, Product, and Legal, serving as the connective tissue across disciplines to deliver secure, compliant, and scalable solutions. This role requires strong technical depth, strategic program ownership, and a proactive leadership mindset.

As a TPM, you will own the problem space end-to-end, working closely with engineering and product leaders to define and drive solution strategy. Lead high-impact, cross-functional initiatives, coordinating efforts across multiple engineering teams to deliver secure outcomes. Establish and track clear program milestones, KPIs, and success metrics to ensure accountability and transparency. Proactively identify risks, resolve dependencies, and escalate issues as needed to keep execution on track.Drive operational rigor by standardizing best practices, improving execution efficiency, and enabling consistent, repeatable program delivery. Deliver clear and concise executive communications, including regular program updates to senior leadership and stakeholders.

What the Candidate Will Do:

• You are a strategic, execution-focused TPM who can fluidly move between big-picture thinking and detailed program execution. You lead complex, cross-functional security initiatives — often with tight deadlines and high ambiguity — and are a trusted connector across the company. Intuitive, driven, organized, and direct, you build strong relationships with stakeholders at all levels, identify communication gaps early, and create clarity in fast-moving environments. You bring empathy and integrity to tough conversations and establish trust through consistent delivery and follow-through.
• Lead large-scale security programs that span teams, organizations, and technical stacks. You work with engineering leaders to define scope, estimate work, set milestones, and manage cross-functional dependencies across product, legal, and operations teams.
• Driving clarity and execution, using KPIs, milestones, and risk assessments to track progress. You proactively remove obstacles, manage escalations, and help teams stay focused on outcomes.
• Understanding technical systems and trade-offs at the architectural level. You ask the right questions to clarify priorities, evaluate alternative solutions, and enable teams to deliver secure, scalable systems.
• Balancing user needs with technical constraints, especially in high-impact security areas such as access control, infrastructure resilience, incident response, and compliance. You make data-driven decisions with end-user trust in mind.
• Owning strategic and operational planning cycles, helping lead cross-functional discussions that shape long-term roadmaps, investment planning, hiring goals, and organizational alignment.
• Scaling best practices across the organization, improving how we run programs and ship secure systems. You contribute to building reusable program frameworks and mentor TPMs and engineering leaders in program management excellence.
• Communicating effectively at all levels, including regular updates to executives and stakeholders that highlight progress, surface risks, and reinforce accountability

Basic Qualifications:

• 5+ years of experience as a Technical Program Manager or Engineering Manager in security-focused roles, or in adjacent areas such as infrastructure, platform engineering, or data systems.
• Strong understanding of security domains such as application security, cloud security, offensive security, compliance, data protection, and broader enterprise security use cases.
• Proven track record of driving complex, cross-functional programs from inception to launch.
• Familiarity with cloud and data infrastructure, offensive security, application security, and software development lifecycle (SDLC).
• Excellent written and verbal communication skills, with the ability to influence technical and executive stakeholders.
• Technical degree with years of software development experience and exposure to large scale infrastructure in a distributed environment
• Solid technical aptitude and an ability to understand technical designs, challenges, and risks. Engineers enjoy working closely with you.
• Excellent written and verbal communication skills and exceptional emotional intelligence.
• Proven strong cross-team and cross-org stakeholder management.
• Analytical and truth seeking. Ability to understand complex concepts and make reasoned decisions objectively.
• Metrics driven: Experience determining effective program KPI’s and using them to measure program success and issues.
• Strong organizational skills to juggle many tasks without losing sight of the highest priority items.
• Excellent in identifying process gaps, measuring progress, and balancing engineering and product efficiency with process overhead.

Preferred Qualifications:

• Experience with large-scale security migrations and secure software deployments in dynamic, multi-language microservices environments.
• Experience developing and supporting automated approaches for implementing and testing security controls within microservice and DevOps workflows.
• Background in security engineering, cloud/infrastructure security, or managing security-focused engineering teams.

For San Francisco, CA-based roles: The base salary range for this role is USD$180,000 per year - USD$200,000 per year.

For Sunnyvale, CA-based roles: The base salary range for this role is USD$180,000 per year - USD$200,000 per year.

About the Role

As Senior Cloud Security Engineer, you will be is responsible for designing and implementing robust security architectures across cloud platforms such as AWS, OCI, or GCP. You will lead efforts to identify and mitigate security risks in cloud infrastructure, migrate existing or enable new business while ensuring compliance with industry standards and internal policies. This role involves collaborating with application and infrastructure teams to embed security best practices from design to deployment stage. Additionally, you will have opportunities to drive strategic initiatives to modernize security operation with genAI.

- - - What the Candidate Will Do ----

• Define, implement and maintain Uber custom cloud security baselines and controls across AWS, Azure, or GCP environments.
• Conduct risk assessments and security reviews for legacy cloud environment, design mitigation plan and execute.
• Research and prototype emerging security technologies, including GenAI driven tools, to improve security operation productivity and quality.

- - - - Basic Qualifications ----

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent practical experience)
• 4+ years of hands-on experience in cloud security, working with major cloud platforms like AWS, OCI, or GCP
• Deep understanding of cloud-native security controls, identity and access management, networking, and vulnerability
• Proficiency in scripting or programming languages such as Python or Go for automation and tooling
• Strong knowledge of security frameworks and compliance standards (e.g., NIST, ISO 27001, SOC 2, CIS Benchmarks, FedRamp)

- - - - Preferred Qualifications ----

• Experience in leveraging GenAI tools to automate security operations such as help desk chatbot, security ops agent and contextualized risk analysis.
• Experience securing AI/ML workloads in cloud environments, including model access control and data protection.
• Experience with infrastructure-as-code (IaC) tools (e.g., Terraform, CloudFormation) and security scanning tools.

For San Francisco, CA-based roles: The base salary range for this role is USD$202,000 per year - USD$224,000 per year.

For Sunnyvale, CA-based roles: The base salary range for this role is USD$202,000 per year - USD$224,000 per year.

What you will do:

1. Design and implement the information security program, aligned with IFPE regulations and frameworks such as ISO 27001 & NIST.
2. Assess and mitigate cybersecurity risks across IT systems and networks.
3. Establish cybersecurity policies, procedures, and controls in collaboration with global cross-functional teams
4. Coordinate the management of security incidents, including proper communication to stakeholders and regulators.
5. Supervise internal and external security audits and coordinate the remediation of identified vulnerabilities or non-conformities.
6. Train and raise awareness among personnel on cybersecurity best practices and threat prevention (e.g., phishing, social engineering, ransomware).
7. Ensure compliance with the local regulations and internal policies regarding the use and safeguarding of information assets
8. Respond to any information security requirement from CNBV or BANXICO
9. Supervise third party vendors

Basic Qualifications

1. 7+ years of experience implementing information security initiatives, navigating through various regulatory procedures.
2. Computer Systems Engineer or similar Engineering degree.
3. Experience handling similar roles in a MX financial context
4. Leadership and critical thinking skills
5. Strong communication skills between different stakeholders
6. Creative problem-solving
7. SPEI information security guidelines
8. Negotiation skills
9. Supervise information security compliance on third-party vendors

Preferred Qualifications

1. Information security certification such as CISM, CISSP, ISO27001 implementer, etc.
2. Technical cybersecurity hands-on knowledge
3. Proficiency in Python, R or other programming languages.
4. Scripting basics

* Accommodations may be available based on religious and/or medical conditions, or as required by applicable law. To request an accommodation, please reach out to .

About the Role

Global Strategic Analysis provides analytic insights and recommendations to enable leadership decision-making on employee life and safety, and marketplace security risks. We seek to inform leadership of emerging threats and forecast future challenges, as well as provide mitigation insights and suggestions.

The Regional Security Analyst -- APAC Lead will be the primary intelligence personnel responsible for briefings and intelligence analytic products covering the security landscape in Australia, North Asia, Southeast Asia, and other major markets in the region.

Your Impact in Role

• Producing oral and written analytic findings to Global Security stakeholders within the assigned region to support employee life & safety (ELS) and marketplace security decision making.
• Acting as a liaison between the relevant security center to convert raw information into actionable intelligence.
• Collaborate with other GSA members to produce strategic intelligence analysis with regional input and analysis.

What You Will Need

• Bachelor's degree in criminal justice, international affairs, political science, or other related field is preferred.
• Experience in physical security, corporate investigations, military, law enforcement, or similar field.
• Strong analytic written and oral communication skills, including the ability to synthesize complex information into actionable intelligence reports and briefings.
• Fluency English and one or more languages native to the region is preferred.
• Ability to conduct OSINT and intelligence vendor research is preferred.

* Accommodations may be available based on religious and/or medical conditions, or as required by applicable law. To request an accommodation, please reach out to .

What You Will Do

1. Architect and build distributed, secure backend systems to enable zero trust architecture (zero-touch certificate issuance , key lifecycle management , and secrets automation) across cloud-native multi-cloud infrastructure
2. Drive Uber’s Platform modernization efforts while maintaining high UX standards for client teams
3. Expand and scale secure services
4. Integrate cryptographic infrastructure into Uber’s developer, CI/CD, and provisioning workflows
5. Collaborate across various teams and orgs to design scalable trust and identity models
6. Investigate and introduce emerging security technologies into core infrastructure
7. Mentor engineers, lead technical design reviews, and champion engineering excellence in documentation, testing, observability, and operations

Basic Qualifications

1. 8+ years of software engineering experience, with strong focus in backend infrastructure, distributed systems, or platform security
2. Proficiency in one or few languages like Go, Python, Java or C/C# with experience building performant, maintainable, and secure codebases
3. Deep knowledge of PKI , cryptography and identity
4. Experience with certificate authorities, secrets storages and lifecycle tools (e.g., EJBCA, Hachicorp Vault)
5. Practical experience with KMS infrastructure , including cloud-native tools (e.g., AWS/GCP KMS, OCI Vault, Azure KeyVault) or HSM integrations
6. Strong systems design, debugging, and operations background in Security infrastructure leveraging consensus mechanisms for cryptographickey/secrets management
7. Effective cross-functional communicator and technical leader

Preferred Qualifications

1. Knowledge of zero-trust architectures , mTLS, SPIFFE/SPIRE, and service mesh integrations
2. Experience working across both cloud (AWS/GCP) and hybrid/on-prem environments
3. Familiarity with Infrastructure-as-Code tools (Terraform) and secure automation
4. Contributions to open-source PKI, crypto/tink, or security tooling
5. Experience building device attestation, hardware-backed identity, or cloud-native workload identity solutions
6. Demonstrated impact on org-wide architectural decisions and mentorship at scale

* Accommodations may be available based on religious and/or medical conditions, or as required by applicable law. To request an accommodation, please reach out to .