Sr. Security Engineer - Bug Bounty

About the Role We are seeking a hardworking Sr. Security Engineer to join our Bug Bounty team. In this role, you will build relationships with the security research community through daily interactions, virtual promo bug bounty events and live hacking events. In addition, you will be verifying bug bounty reports, performing root cause analysis, and assessing their impact while partnering with engineering teams across the company to track vulns through remediation. In addition, you will be building out services to automate common bug bounty processes, as well as designing, implementing and deploying automation to scale Bug Bounty operations across a growing list of M&As spread all over the world. The ideal candidate will have a solid background in Computer Science or Security and be able to work effectively with external and internal partners in a collaborative and fast paced environment. What You'll Do Validate and triage bug bounty reports. Perform threat modeling and code reviews to assess the security implications of patches, new features, systems and technologies. Create 1-click POCs for common security vulnerabilities. Design, implement and deploy automation to solve common bug bounty tasks. Scale & expand our regression testing platform. Design, implement and deploy automation to scale vuln variant discovery. Identify novel attacks and security weaknesses in company owned apps and services; Automate their discovery using state-of-the-art control-flow and data-flow analysis techniques, methods and tools. Provide security guidance to application and service owners to remediate security vulnerabilities. Mentor junior security engineers Basic Qualifications: Bachelor's in Computer Science or a related field. Expertise in at least one security domain (e.g., web security, mobile security, authentication/authorization, etc.) Expertise finding and fixing common security vulnerabilities (e.g., OWASP Top 10) Programming skills in at least one of: Go, Java, Python, NodeJS, etc. Preferred Qualifications: Master's in Computer Science or a related field. Prior bug bounty, appsec or vuln management experience. Expertise in multiple security domains or crypto systems. Experience designing, implementing and deploying large distributed systems Ability to work with and get consensus from cross-functional teams. Organized, self-motivated, and comfortable in a fast-paced environment. Ability to motivate internal teams to prioritize security vulnerabilities in addition to OKR work. Ability to see the big picture, build out concise, comprehensive, yet realistic project plans. About the Team We are a team of software engineers with security mindsets. We lead the principled vulnerability discovery initiative at Uber. We ensure that all code at Uber adheres to company-wide security standards and is devoid of known security vulnerabilities. To that end, we design, develop and deploy automation to detect, track and remediate vulnerabilities in thousands of web services, tens of thousands of client endpoints and mobile devices, and hundreds of thousands of prod & CORP infrastructure assets. In addition, we crowdsource security intelligence via our Bug Bounty program, red team exercises, as well as manual and automated security audits. Finally, we use research-quality CFG and DFG principles to codify the latest security breakthroughs into custom queries. We then deploy those queries across our fleet of advanced security scanners. As a result, we create efficiency and deliver results at the speed of automation.