Security Engineer

About The Role

As a Staff Security Engineer, you will be the lead architect for Uber’s next‑generation cloud security infrastructure. Operating at the intersection of Cloud Architecture and Applied AI, you will move beyond static controls to build a dynamic, autonomous security ecosystem across our multi‑cloud estate, especially GCP and OCI. Your mission is to transform Cloud Security Posture Management (CSPM) from a reactive alerting system into a proactive, self‑healing machine.

You will spearhead the use of GenAI and AI Agent Orchestration to automate complex security reasoning and build intelligent agents that can independently analyze, prioritize, and remediate exploitable risks  will also provide security design solutions to support Uber’s new business initiatives to ensure secure‑by‑design and compliance.

What the Candidate Will Do

• Strategic Architecture:
  Define the long‑term roadmap for Identity‑centric security and automated posture management for tens of thousands cloud users.
• AI Orchestration:
  Design and deploy Multi‑Agent systems and RAG pipelines to automate the end‑to‑end security remediation lifecycle.
• Scaling Control:
  Implement "LLM‑as‑a‑Judge" frameworks to ensure the safety and precision of autonomous security actions.
• Harden the Perimeter:
  Eliminate security hotspots and enforce secure‑by‑default baselines across all cloud platforms.
• Technical Leadership:
  Serve as a force‑multiplier, mentoring engineers and bridging the gap between security research and production engineering.

• Multi‑Cloud Expertise: 5+ years of experience in Cloud Security, with direct, hands‑on experience architecting and securing Google Cloud Platform (GCP) and Oracle Cloud Infrastructure (OCI).
• Security Posture Management:
  Expert‑level understanding of CSPM frameworks, deep knowledge of IAM, Network, vulnerability management (CVE reachability), and the automation of security baselines at scale.
• Backend Systems Engineering:
  Proven track record of building scalable distributed systems (Go, Python, or Java) and managing complex security pipelines in large‑scale environments.
• Applied GenAI:
  Professional experience with LLM application development, including RAG patterns, vector databases, and AI Agent orchestration frameworks (e.g., Lang Chain, Auto Gen).

• Strategic Translation & Execution:
  Proven ability to translate complex business objectives and regulatory compliance requirements (e.g., SOX, GDPR, PCI) into high‑level architectural designs and actionable technical roadmaps. You should have a track record of bridging the gap between legal/audit stakeholders and engineering execution.
• Security Innovation:
  Experience pioneering the use of emerging technologies to solve legacy security debt, specifically using AI/ML to automate compliance auditing or to perform predictive risk analysis.
• Cross‑Functional Influence: A history of leading large‑scale security transformations by influencing senior leadership and partnering with Dev Ops/Infrastructure teams to adopt "Security‑as‑Code" practices.
• CNAPP Proficiency:
  Extensive experience operationalizing Cloud‑Native Application Protection Platforms (CNAPP) such as Wiz or Orca. Must be able to leverage these tools for deep visibility, risk prioritization (attack path analysis), and automated compliance monitoring.

For San Francisco, CA‑based roles:
The base salary range for this role is USD $232,000 per year – USD $258,000 per year. For Seattle, WA‑based roles:
The base salary range for this role is USD $232,000 per year – USD $258,000 per year. For Sunnyvale, CA‑based roles:
The base salary range for this role is USD $232,000 per year – USD $258,000 per year. For all US locations, you will be eligible to participate in Uber’s bonus program and may be offered an equity award & other types of compensation. All full‑time employees are eligible to participate in a 401(k) plan. You will also be eligible for various benefits.

More details can be found at the following link