Sr. Software Engineer - Vulnerability Management

About the Role We are seeking a hardworking Sr. Security Engineer to join our Vulnerability Discovery team. The new member of our team will focus on building out and scaling our asset inventory platform, as well as scaling our CORP and Infrastructure-wide security scanning capabilities. In addition, the nUber will work closely with our M&As in an effort to scale their Vulnerability Management function, close any remaining gaps, and improve patch health visibility into M&As' endpoints, mobile, prod, COPR and cloud infrastructure. You can expect to spend 50%+ of your time implementing new security tools, improving existing ones, as well as building out and deploying new security integrations. The nUber will also lead medium- to large-scale security projects, be responsible for creating long-term project roadmaps, prioritizing project objectives, as well as executing on those objectives and roadmaps in well-defined timelines. What You'll Do Design, build and deploy automation to scale infrastructure vulnerability discovery efforts across a growing list of M&As. Work closely with M&As around the world to set up and scale their Vulnerability Management function. Build out and scale our asset inventory platform. Drive vuln remediation across prod, CORP, cloud, endpoint and mobile assets. Provide actionable security guidance to asset owners in an effort to speed up vuln remediation. Mentor junior security engineers Basic Qualifications: Bachelor's in Computer Science or a related field or equivalent industry experience Experience in at least one security domain (e.g., infrastructure security, web security, etc.) Expertise in at least one of: Go, Java, Python, NodeJS, etc. Preferred Qualifications: Experience designing, implementing and deploying large distributed systems Prior vulnerability management experience Expertise in multiple security domains Ability to see the big picture, build out concise, comprehensive, yet realistic project plans Ability to communicate ideas and proposals concisely Proven track record demonstrating impact across several teams, organizations and/or security areas About the Team We are a team of software engineers with security mindsets. We lead the principled vulnerability discovery initiative at Uber. We ensure that all code at Uber adheres to company-wide security standards and is devoid of known security vulnerabilities. To that end, we design, develop and deploy automation to detect, track and remediate vulnerabilities in over 5,000 web services, endpoints, mobile devices, prod & CORP infrastructure. In addition, we crowdsource security intelligence via our Bug Bounty program, red team exercises, as well as manual and automated security audits. Finally, we use research-quality CFG and DFG principles to codify the latest security breakthroughs into custom queries, which we then deploy across our fleet of advanced security scanners. As a result, we expand the return on investment of our manual labor.