AppSec Jobs
← Back to all jobs

Uber

Senior Security Engineer

Seattle, WAWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About Uber

Uber is a global technology company founded in 2009, specializing in ride-hailing, food delivery, and logistics services. It started as UberCab in San Francisco, inspired by the challenges of hailing taxis in Paris. The company has grown significantly, operating in over 600 cities worldwide and offering a range of services that include UberX for standard rides, premium options for larger groups, and shared transport services. In addition to ride-hailing, Uber has developed a robust food delivery service through Uber Eats and a logistics platform with Uber Rush for package delivery. The company emphasizes community engagement and job creation while adapting its services to meet local market needs. With a focus on convenience, the Uber app allows users to hail rides, track their drivers, and make payments in real-time.

Industry

internet

Employees

32,000

7475 engineers

Revenue

$52B

Website

Visit →

Security at Uber

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Uber's AppSec philosophy centers on 'Risk-based prioritization' and developer enablement.
  • They aim to replace 'direct superuser command execution with a reviewed, auditable path' using guardrails.
  • The security organization's stated mission is to be 'dedicated to enabling safe and secure innovation,' suggesting an enablement-focused approach rather than strict gatekeeping.

Security Team

  • Uber maintains a centralized 'Application Security team' within its broader security organization.
  • Key public-facing contributors include Pavi Subenderan (Staff Software Engineer, Data Security), Chen Xi, Yiting Fan, Matt Mathew, Ludi Li, and Jyoti Grewal.
  • Job postings indicate the team is responsible for AI-driven vulnerability scanning, agent-based discovery, and intelligent asset indexing.
  • The security organization is described as being 'dedicated to enabling safe and secure innovation.'.

Key Initiatives

  • Current initiatives include the 'Superuser Gateway,' which 'triggers peer review, runs automated validation on requested commands' to secure privileged access.
  • Another major initiative is the 'multi-cloud secrets management platform,' which includes a 'CLI tool that runs as the pre-commit hook in Git.' The team is also 'currently working on enabling a security copilot within IDEs.'.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.