What you'd actually do

Design, build, and deploy large-scale automation to discover, analyze, and remediate security vulnerabilities across thousands of services.

Design end-to-end systems and features for application security platforms, including secret discovery, code scanning, and vulnerability remediation.

Identify security-sensitive functionality and coverage gaps across applications and services, and develop automation to close those gaps.

Research novel attack techniques and security weaknesses, and automate their detection using innovative tools and approaches.

Build distributed backend systems that power real-time analytics and data-driven security insights at Uber scale.

Skills

Required

Bachelor's degree in Computer Science, Engineering, or a related field.
5+ years of professional experience in software engineering.
Strong programming experience in one or more languages such as Go, Java, C, or Python (Go preferred).
Experience identifying and remediating common security vulnerabilities (e.g., OWASP Top 10).
Solid understanding of service-oriented and distributed system architectures.
Experience designing and implementing REST APIs.
Experience with datastore technologies, including relational and NoSQL databases.
Familiarity with distributed messaging systems (e.g., Kafka or similar).

Nice to have

Master's degree (or Ph.D.) in Computer Science, Engineering, or a related field.
Experience designing, implementing, and operating production-quality distributed systems.
Experience building real-time data pipelines and analytics systems.
Experience integrating open-source security scanners and/or commercial security tools.
Expertise across multiple security domains, such as application, cloud, or systems security.
Experience performing threat modeling, design reviews, and code reviews.
Strong communication skills, with the ability to clearly articulate technical concepts to diverse audiences.

About the Role

Uber is seeking a Senior Security Engineer to join our Application Security team. In this role, you will help evolve and extend Uber’s already highly automated AppSec platform by designing and deploying next-generation capabilities, including AI-driven vulnerability scanning, agent-based discovery, and intelligent asset indexing. You will build and operate security automation that continuously identifies vulnerabilities such as XSS, SQLi, CSRF, SSRF, and more across Uber’s application ecosystem.

You will apply strong software engineering fundamentals to build production-grade systems that raise the security bar across Uber’s mobile and web applications. This role offers the opportunity to collaborate closely with engineers across the company, mentor junior team members, make a measurable impact on Uber’s security posture, and continue growing both your software engineering and security expertise.

---- What the Candidate Will Do ----

Design, build, and deploy large-scale automation to discover, analyze, and remediate security vulnerabilities across thousands of services.
Design end-to-end systems and features for application security platforms, including secret discovery, code scanning, and vulnerability remediation.
Identify security-sensitive functionality and coverage gaps across applications and services, and develop automation to close those gaps.
Research novel attack techniques and security weaknesses, and automate their detection using innovative tools and approaches.
Build distributed backend systems that power real-time analytics and data-driven security insights at Uber scale.
Collaborate closely with engineering teams and stakeholders across Security, Privacy, Compliance, Infrastructure, and Product to integrate security capabilities into Uber’s platform.
Provide guidance to application and service owners to remediate identified security issues.
Perform threat modeling, design reviews, and code reviews to assess security risks in new and existing systems.
Mentor junior and new graduate engineers.

---- Basic Qualifications ----

Bachelor’s degree in Computer Science, Engineering, or a related field.
5+ years of professional experience in software engineering.
Strong programming experience in one or more languages such as Go, Java, C, or Python (Go preferred).
Experience identifying and remediating common security vulnerabilities (e.g., OWASP Top 10).
Solid understanding of service-oriented and distributed system architectures.
Experience designing and implementing REST APIs.
Experience with datastore technologies, including relational and NoSQL databases.
Familiarity with distributed messaging systems (e.g., Kafka or similar).

---- Preferred Qualifications ----

Master’s degree (or Ph.D.) in Computer Science, Engineering, or a related field.
Experience designing, implementing, and operating production-quality distributed systems.
Experience building real-time data pipelines and analytics systems.
Experience integrating open-source security scanners and/or commercial security tools.
Expertise across multiple security domains, such as application, cloud, or systems security.
Experience performing threat modeling, design reviews, and code reviews.
Strong communication skills, with the ability to clearly articulate technical concepts to diverse audiences.

For New York, NY-based roles: The base salary range for this role is USD$202,000 per year - USD$224,000 per year.

For San Francisco, CA-based roles: The base salary range for this role is USD$202,000 per year - USD$224,000 per year.

For Seattle, WA-based roles: The base salary range for this role is USD$202,000 per year - USD$224,000 per year.

For Sunnyvale, CA-based roles: The base salary range for this role is USD$202,000 per year - USD$224,000 per year.

For all US locations, you will be eligible to participate in Uber's bonus program, and may be offered an equity award & other types of comp. All full-time employees are eligible to participate in a 401(k) plan. You will also be eligible for various benefits. More details can be found at the following link https://jobs.uber.com/en/benefits.

Uber's mission is to reimagine the way the world moves for the better. Here, bold ideas create real-world impact, challenges drive growth, and speed fuels progress. What moves us, moves the world - let's move it forward, together.

Uber is proud to be an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know by completing this form.

Offices continue to be central to collaboration and Uber's cultural identity. Unless formally approved to work fully remotely, Uber expects employees to spend at least half of their work time in their assigned office. For certain roles, such as those based at green-light hubs, employees are expected to be in-office for 100% of their time. Please speak with your recruiter to better understand in-office expectations for this role.