About the Role
The CyberSecurity Incident Response team (CIRT) is at the forefront of protecting Uber. We are a hands-on, fast-paced team that responds to security incidents, conducts forensic investigations, and builds automated solutions to scale our defenses.
As a Senior Security Investigator, your role is to lead complex, high-impact security investigations across a global, large-scale environment. This role is ideal for a seasoned security professional who excels at uncovering sophisticated threats, driving automation at scale, shaping investigative strategy, and mentoring teams to deliver world-class response.
You will partner with Security Engineering, Detection & Response, Threat Intelligence, Legal, HR, and Executive Leadership to contain threats, protect user and corporate data, and elevate our overall security posture.
What the Candidate Will Need / Bonus Points
---- What the Candidate Will Do ----
- Lead complex security investigations end-to-end and perform deep forensic analysis across endpoints, cloud environments, identity systems, networks, and application logs to uncover root cause and attack paths.
- Own & Build automation and tooling to accelerate evidence collection, log enrichment, triage workflows, and decision-making at global scale.
- Improve detection and response capabilities by partnering with Threat Intelligence, Detection Engineering, and Platform teams.
- Lead major cross-functional security initiatives that strengthen investigative readiness, digital forensics, cloud incident response, and threat-hunting capabilities.
- Mentor and develop investigators and analysts, providing technical guidance, reviewing casework, and elevating investigative rigor.
- Continuously evolve investigation methodology by analyzing trends, identifying gaps, and embedding lessons learned back into the security ecosystem.
---- Basic Qualifications ----
- Bachelor's degree in Computer Science, Information Security, or a related field..
- 5+ years of experience in Security Investigations, Incident Response, Threat Hunting, or Digital Forensics within large-scale or high-risk environments.
- Proven expertise with forensic tooling, log analysis, SIEM platforms, EDR solutions, and cloud investigation workflows (AWS/GCP/Azure).
- Strong understanding of attacker TTPs, modern threat landscape, and frameworks like MITRE ATT&CK.
- Hands-on experience building automation using Python, APIs, SOAR, or equivalent frameworks.
- Ability to lead complex investigations end-to-end and communicate findings effectively to senior leadership.
- Experience running or contributing to large cross-company security projects.
---- Preferred Qualifications ----
- Experience in a large-scale, global, distributed systems environments
- Knowledge of identity ecosystems (Okta, Azure AD), container security, and SaaS platform logs.
- Experience in a programming language (e.g., Python, Go, C++, Java, etc) for incident response related automation and data analysis.
- Experience with GenAI in incident response and investigations is a plus.
- Experience mentoring or leading security teams.
For San Francisco, CA-based roles: The base salary range for this role is USD$180,000 per year - USD$200,000 per year.
For Seattle, WA-based roles: The base salary range for this role is USD$180,000 per year - USD$200,000 per year.
For Sunnyvale, CA-based roles: The base salary range for this role is USD$180,000 per year - USD$200,000 per year.
For all US locations, you will be eligible to participate in Uber's bonus program, and may be offered an equity award & other types of comp. All full-time employees are eligible to participate in a 401(k) plan. You will also be eligible for various benefits. More details can be found at the following link https://jobs.uber.com/en/benefits.
Uber's mission is to reimagine the way the world moves for the better. Here, bold ideas create real-world impact, challenges drive growth, and speed fuels progress. What moves us, moves the world - let's move it forward, together.
Uber is proud to be an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know by completing this form.
Offices continue to be central to collaboration and Uber's cultural identity. Unless formally approved to work fully remotely, Uber expects employees to spend at least half of their work time in their assigned office. For certain roles, such as those based at green-light hubs, employees are expected to be in-office for 100% of their time. Please speak with your recruiter to better understand in-office expectations for this role.