Uber Security Engineer II - Design 

United States, West Virginia 

258677117

As an SG engineer, you will provide security-specific corrective guidance to engineers, author security-related feature requests against products, capture critical technical design information required for security assessments, and own technical interfacing for related remediation efforts. This is a fantastic opportunity for an experienced security engineer who is knowledgeable in multiple security domains to play a central role in shifting security left, and make cross-cutting strategic impacts to the security of our next-gen systems and services!

• Perform multi-disciplinary security design reviews of engineering design proposals while considering aspects of application security, cloud security, infrastructure security, data-layer security.
• Draw design inferences on our product designs, taking into consideration trade-off decisions to vector improvements in overall security posture of our products and services.
• Create quality written work products for both technical engineering and non-technical consumers.
• Be a subject matter expert and ambassador to core Uber Engineering in the areas of secure application and systems design!
• Conduct full security assessments of products that may include architectural review, threat modeling web and mobile apps assessments.
• Provide technical guidance for remediation efforts, coordinating with our AppSec and assessment teams.
• Perform any other security design or product security related activities or tasks as needed or directed.

• Bachelor's in Computer Science, Engineering or a related field or equivalent work experience as a software engineering or security practitioner.
• 3+ years overall of relevant engineering or security engineering or security architectural experience.
• A security-related or architect-related certification such as CISSP, OSCP, CEH, GCP/AWS/Azure/OCI Cloud Security or Architect Certifications, and/or willing to work towards ultimately obtaining one as part of your career path.
• Possess a broad knowledge of threat modeling and the associated design patterns to correct and/or mitigate security attacks and threats.
• Experience with security designs related to Cloud-native services, service and microservices meshes.
• Familiarity with industry-standard risk modeling and vulnerability classification.
• Ability to create written work products and detailed technical documents.
• Be able to apply unconventional thinking and problem-solve on the boundary of your knowledge base, learning new technologies or languages as needed to solve complex technical controls problems in our product suite.

• Great interpersonal skills, deep technical ability, and a history of successful execution working with a broad suite of infrastructure to applications layer technologies.
• Experience with one of: Go, Java, Python, NodeJS, etc.
• Experience with RDBMS and non-RDBMS (NoSQL) data store technologies such as PostgreSQL, MySQL, Hadoop, GCP BigQuery, AWS RDS & DynamoDB, GraphQL, and more.
• Experience with Identity-aware proxy and HTTP routing technologies.
• Familiarity with privacy, healthcare and payments processing regulatory frameworks and how they guide or affect secure systems design.
• Experience working with in-house engineering organizations, S-SDLC/CICD software lifecycle.
• Familiarity with one or more of AWS, Azure, GCP, OCI public cloud providers, plus private cloud equivalent service layers.

* Accommodations may be available based on religious and/or medical conditions, or as required by applicable law. To request an accommodation, please reach out to .