At Uber, we ignite opportunity by setting the world in motion. We take on big problems to help drivers, riders, delivery partners, and eaters get moving in more than 600 cities around the world.
We welcome people from all backgrounds who seek the opportunity to help build a future where everyone and everything can move independently. If you have the curiosity, passion, and collaborative spirit, work with us, and let's move the world forward, together.
About the Role
We are seeking a talented Security Engineer to join our Vulnerability Discovery team in Seattle, WA. The new member of our team will focus on providing high-quality vulnerability reports, creating one-click POCs for known vulnerabilities, as well as building out and scaling a regression testing platform to ensure that vulnerabilities that get fixed, stay fixed.
What You'll Do / What You'll Need / Bonus Points / About the Team
What You'll Do
* Work with our bug bounty triagers to validate incoming reports
* Provide root cause analysis of triaged vulnerabilities
* Create proof-of-concept scripts, where applicable, to enable one-click vuln reproduction
* Provide on demand security guidance to Uber engineers around the world to expedite vuln fixes
* Review vulnerability fixes and ensure security gaps are closed once and for all
* Build out and scale a platform to continuously run regression tests against known vulnerabilities
What You'll Need
* Hands-on Web-security experience discovering and fixing IDOR/XSS/SSRF/CSRF/RCE/etc. vulnerabilities
* Programming skills in at least one of: Go, Java, Python, NodeJS, etc.
* Ability to communicate ideas and proposals concisely
* Ability to distill complex security problems and drive towards creative solutions
* Passion to do the right thing and have a global impact
Bonus Points If
* Experience performing threat modeling, design and code reviews to assess security implications and requirements for the introduction of new systems and technologies
* Prior bug hunting and/or bug triage experience
* Experience scripting proof-of-concepts for known vulnerabilities
About the Team
We are a team of 10X engineers that lead the principled vulnerability discovery initiative at Uber. We ensure code running in production adheres to company-wide security standards and is devoid of known security vulnerabilities.
To that end, we build and deploy top-notch taint tracking systems leveraging control-flow and data-flow analysis techniques to scan and report new security findings in over 5,000 services.
In addition, we crowdsource security intelligence via our Bug Bounty program, red team exercises, as well as manual and automated security audits.
Finally, we leverage research-quality CFG and DFG principles to codify the latest security breakthroughs into custom queries, which we then deploy across our fleet of advanced security scanners. As a result, we 10X the ROI of our manual labor. Our constantly increasing corpus of security queries enables us to perform automated, systematic and comprehensive security analysis across all of Uber's applications and services.
Uber is a provider of a mobile application connecting passengers with drivers for hire.