About the role and team
Sec Eng at Uber means building for real-world impact under real-world constraints. As Uber rapidly adopts AI and agentic workflows, we must ensure this evolution is secure by design. We are looking for a hands-on Security Engineer to red team this emerging surface area, identify critical vulnerabilities across agents and tools, and drive the engineering changes necessary to mitigate them.
This role isn't just about finding bugs; it’s about navigating the messy reality of high-stakes, fast-moving AI adoption. You will need to move from deep technical architectures to leadership-level risk discussions, often pushing back on designs with imperfect information. If you are a resilient problem-solver who enjoys unblocking teams while maintaining a high security bar, you will thrive here.
What you’ll do
Red team AI agents and developer tools to identify vulnerabilities, creating reproducible PoCs and clear mitigation paths for engineering teams.
Translate complex standards like the OWASP Top 10 for LLMs into Uber-specific reference architectures and enforceable security controls.
Drive findings through to completion by partnering across disciplines—including engineering, legal, and external vendors—to land fixes in a fast-paced environment.
Scale your security testing by building automated evaluation harnesses and AI-driven regression coverage to keep pace with rapid deployment.
Communicate residual risk to non-technical stakeholders and leadership, translating technical debt into actionable business decisions.
Own the security bar for agentic workflows and vendor onboarding, ensuring that guardrails are integrated into the developer experience from day one.
Basic Qualifications
Senior/Staff seniority in a Security Engineer role, specifically within threat modeling or security architecture.
Proficiency in Python or Go, with the ability to write modular, high-quality code and pass a technical coding interview.
Experience performing offensive security testing and identifying architectural gaps in distributed systems (microservices, APIs, or cloud infrastructure).
Demonstrated knowledge of AI-specific security risks, including OWASP Top 10 for LLM or Agentic Applications.
Bachelor’s degree in Computer Science, a related technical field, or equivalent practical experience.
Preferred Qualifications
Experience securing developer ecosystems, no-code platforms, or sandboxed execution environments.
Proven track record of influencing cross-functional teams to implement security changes without direct authority.
Experience building policy-as-code or automated security gates for model and tool onboarding.
Ability to synthesize complex findings into leadership-ready recommendations that drive strategic business shifts.
Hands-on experience with MCP-style tool calling and agent integrations.
Uber's mission is to reimagine the way the world moves for the better. Here, bold ideas create real-world impact, challenges drive growth, and speed fuelds progress. What moves us, moves the world - let’s move it forward, together.
Offices continue to be central to collaboration and Uber's cultural identity. Unless formally approved to work fully remotely, Uber expects employees to spend at least half of their work time in their assigned office. For certain roles, such as those based at green-light hubs, employees are expected to be in-office for 100% of their time. Please speak with your recruiter to better understand in-office expectations for this role.
*Accommodations may be available based on religious and/or medical conditions, or as required by applicable law. To request an accommodation, please reach out to accommodations@uber.com.