Security Engineer II - Security Design
UberAbout The Team
Uber's Product Security organization is looking for a Security Engineer II to join our Security Design team. The SG team offers contextual, on-demand security guidance to product teams at Uber, whenever new products or product features are being conceived. As a member of the team, your principal mission will be to coordinate and conduct pre-release technical security system design reviews for Uber's products and services as part of our secure software development lifecycle (SDL/SDLC). You will work closely with engineering teams throughout the company to analyze their engineering design documents, and identify potential security design flaws in the areas of cloud security, infrastructure security, data security, and applications security.
About The Role
As an SG engineer, you will provide security-specific corrective guidance to engineers, author security-related feature requests against products, capture critical technical design information required for security assessments, and own technical interfacing for related remediation efforts. This is a fantastic opportunity for an experienced security engineer who is knowledgeable in multiple security domains to play a central role in shifting security left, and make cross-cutting strategic impacts to the security of our next-gen systems and services!
What You'll Do
- Perform multi-disciplinary security design reviews of engineering design proposals while considering aspects of application security, cloud security, infrastructure security, data-layer security.
- Draw design inferences on our product designs, taking into consideration trade-off decisions to vector improvements in overall security posture of our products and services.
- Create quality written work products for both technical engineering and non-technical consumers.
- Be a subject matter expert and ambassador to core Uber Engineering in the areas of secure application and systems design!
- Conduct full security assessments of products that may include architectural review, threat modeling web and mobile apps assessments.
- Provide technical guidance for remediation efforts, coordinating with our AppSec and assessment teams.
- Perform any other security design or product security related activities or tasks as needed or directed.
Basic Qualifications
- Bachelor's in Computer Science, Engineering or a related field or equivalent work experience as a software engineering or security practitioner.
- 3+ years overall of relevant engineering or security engineering or security architectural experience.
- A security-related or architect-related certification such as CISSP, OSCP, CEH, GCP/AWS/Azure/OCI Cloud Security or Architect Certifications, and/or willing to work towards ultimately obtaining one as part of your career path.
- Possess a broad knowledge of threat modeling and the associated design patterns to correct and/or mitigate security attacks and threats.
- Experience with security designs related to Cloud-native services, service and microservices meshes.
- Familiarity with industry-standard risk modeling and vulnerability classification.
- Ability to create written work products and detailed technical documents.
- Be able to apply unconventional thinking and problem-solve on the boundary of your knowledge base, learning new technologies or languages as needed to solve complex technical controls problems in our product suite.
Preferred Qualifications
- Great interpersonal skills, deep technical ability, and a history of successful execution working with a broad suite of infrastructure to applications layer technologies.
- Experience with one of: Go, Java, Python, NodeJS, etc.
- Experience with RDBMS and non-RDBMS (NoSQL) data store technologies such as PostgreSQL, MySQL, Hadoop, GCP BigQuery, AWS RDS & DynamoDB, GraphQL, and more.
- Experience with Identity-aware proxy and HTTP routing technologies.
- Familiarity with privacy, healthcare and payments processing regulatory frameworks and how they guide or affect secure systems design.
- Experience working with in-house engineering organizations, S-SDLC/CICD software lifecycle.
- Familiarity with one or more of AWS, Azure, GCP, OCI public cloud providers, plus private cloud equivalent service layers.
Similar jobs
Last update: 23 minutes ago
Senior Backend Software Engineer - Earnings Experience
Join Uber as a Senior Backend Software Engineer to build scalable systems for earnings experience.
Software Engineer II, Backend - Cloud & Platform Team
Join Uber's Cloud & Platform team as a Backend Software Engineer to build tools for cloud resource management.
Software Engineer II, Backend - Production Engineering
Join Uber as a Software Engineer II in Backend Production Engineering, focusing on reliability and efficiency of tech platforms.
Senior Software Engineer, Backend
Join Uber as a Senior Software Engineer, Backend, focusing on AWS, Java, and microservices in Aarhus, Denmark.
Staff/Lead Application Security Engineer
Join Agoda as a Staff/Lead Application Security Engineer in Bangkok. Enhance security in a dynamic DevSecOps environment.
Senior Software Engineer - Backend - Maps
Join Uber as a Senior Software Engineer in Amsterdam to innovate and scale backend map services.
Staff/Lead Application Security Engineer
Join Agoda as a Staff/Lead Application Security Engineer in a dynamic DevSecOps environment.
Python Software Engineer – Security
Join our SecOps team as a Python Software Engineer to develop security solutions and protect our retail tech platform.
Software Engineer 2 - Platform Security
Join Intuit as a Software Engineer 2 in Platform Security, focusing on cloud infrastructure and security best practices.
Staff Software Engineer - Backend
Join Uber as a Staff Software Engineer - Backend, focusing on membership systems, in Amsterdam. Requires 7+ years experience.
Senior Security Engineer - Application Security
Join Swile as a Senior Security Engineer focusing on application security, threat modeling, and vulnerability management.
Staff Software Engineer - Backend
Join Uber as a Staff Software Engineer - Backend, focusing on membership systems. Work with Java, Python, and C++ in Amsterdam.
Experienced Software Engineer - Product
Join Plaid as an Experienced Software Engineer to develop Europe-specific payment products in a hybrid work environment.
Software Engineer 2
Join Intuit as a Software Engineer 2 in New York to drive security best practices and innovate in cloud technologies.
Senior Application Security Engineer
Join Gen as a Senior Application Security Engineer in Prague to lead security reviews, threat modeling, and developer training.
DevOps Security Expert
Join ABN AMRO as a DevOps Security Expert to secure IT landscapes in a dynamic, international environment.
Senior Offensive Security Engineer
Join Klarna as a Senior Offensive Security Engineer in Berlin to safeguard digital infrastructure and customer data.
Software Development Engineer Intern
Join Amazon as a Software Development Engineer Intern in Amsterdam. Work on cutting-edge technology and industry-defining projects.
Staff Machine Learning Engineer
Join Uber as a Staff Machine Learning Engineer to innovate and lead ML systems for UberEats.
Senior Application Security Engineer
Join Gen as a Senior Application Security Engineer in Prague. Lead security initiatives, conduct reviews, and mentor teams in a dynamic environment.
Senior Full-Stack Developer (PHP/Laravel)
Join Producthero.com as a Senior Full-Stack Developer (PHP/Laravel) in Amsterdam. Enhance our platform with your expertise.
Senior Backend Engineer - Cloud Native Security
Join SentinelOne as a Senior Backend Engineer to design and implement cloud-native security solutions.
Senior Full Stack Developer (Security & Compliance)
Join SAP as a Senior Full Stack Developer focusing on Security & Compliance, leveraging Java, SpringBoot, and Python.
Senior Backend Developer (PHP / Laravel)
Join Producthero as a Senior Backend Developer (PHP/Laravel) in Amsterdam. Work on innovative projects with a dynamic team.