CrawlJobs Logo

Security Engineer II - Threat Modeling & AI

uber.com Logo

Uber

Location Icon

Location:
Brazil , Sao Paulo

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

Not provided
Save Job
Save Icon
Apply Position

Job Description:

Sec Eng at Uber means building for real-world impact under real-world constraints. As Uber rapidly adopts AI and agentic workflows, we must ensure this evolution is secure by design. We are looking for a hands-on Security Engineer to red team this emerging surface area, identify critical vulnerabilities across agents and tools, and drive the engineering changes necessary to mitigate them. This role isn't just about finding bugs; it’s about navigating the messy reality of high-stakes, fast-moving AI adoption. You will need to move from deep technical architectures to leadership-level risk discussions, often pushing back on designs with imperfect information. If you are a resilient problem-solver who enjoys unblocking teams while maintaining a high security bar, you will thrive here.

Job Responsibility:

  • Red team AI agents and developer tools to identify vulnerabilities, creating reproducible PoCs and clear mitigation paths for engineering teams
  • Translate complex standards like the OWASP Top 10 for LLMs into Uber-specific reference architectures and enforceable security controls
  • Drive findings through to completion by partnering across disciplines—including engineering, legal, and external vendors—to land fixes in a fast-paced environment
  • Scale your security testing by building automated evaluation harnesses and AI-driven regression coverage to keep pace with rapid deployment
  • Communicate residual risk to non-technical stakeholders and leadership, translating technical debt into actionable business decisions
  • Own the security bar for agentic workflows and vendor onboarding, ensuring that guardrails are integrated into the developer experience from day one

Requirements:

  • Senior/Staff seniority in a Security Engineer role, specifically within threat modeling or security architecture
  • Proficiency in Python or Go, with the ability to write modular, high-quality code and pass a technical coding interview
  • Experience performing offensive security testing and identifying architectural gaps in distributed systems (microservices, APIs, or cloud infrastructure)
  • Demonstrated knowledge of AI-specific security risks, including OWASP Top 10 for LLM or Agentic Applications
  • Bachelor’s degree in Computer Science, a related technical field, or equivalent practical experience

Nice to have:

  • Experience securing developer ecosystems, no-code platforms, or sandboxed execution environments
  • Proven track record of influencing cross-functional teams to implement security changes without direct authority
  • Experience building policy-as-code or automated security gates for model and tool onboarding
  • Ability to synthesize complex findings into leadership-ready recommendations that drive strategic business shifts
  • Hands-on experience with MCP-style tool calling and agent integrations

Additional Information:

Job Posted:
May 16, 2026

Work Type:
On-site work
Icon
Uber - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Security Engineer II - Threat Modeling & AI

Senior Security Engineer

Senior Security Engineer – Remote (US) – Competitive Salary Opportunity to work ...
Location
Location
United States
Salary
Salary:
Not provided
weareorbis.com Logo
Orbis Consultants
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related technical field
  • 5+ years of hands-on experience in security engineering or related roles
  • Expertise in secure software development, architecture design, threat modeling, CI/CD pipelines, and risk assessment
  • Deep knowledge of network, system, database, and application layer attack patterns and mitigation methods
  • Ability to clearly communicate complex concepts appropriately to multiple audience types
  • Coding skills necessary to discover and patch issues Node, TypeScript/React, Python
  • Solid understanding and experience with AWS, Heroku, Netlify, and Snowflake, including policy, configurations, and security management tooling
  • Proven track record with SOC 2, PCI DSS, or similar compliance frameworks and reporting
  • Experience working in startup or high-growth environments, fintech, and/or highly regulated industries preferred
  • Cloud security certifications with evidence of continued education in the area of security are a plus
Job Responsibility
Job Responsibility
  • Vulnerability Management: Conduct regular vulnerability assessments, penetration testing, and security audits to identify and remediate security gaps across our cloud infrastructure and applications
  • Security Monitoring: Monitor systems for security threats, suspicious behavior, and anomalies using SIEM tools and security monitoring and vulnerability platforms like CrowdStrike and Nessus
  • Incident Response: Lead security incident response efforts, investigate suspicious reports, and implement preventative measures that may be warranted
  • Code Security Reviews: Review and approve code (Node, React, Python) that accesses to data, authentication, or integrations, ensuring secure development practices are followed
  • Cross-functional Collaboration: Work closely with engineering and operations teams, including executive stakeholders and occasionally third-party service providers, to integrate security best practices into development and deployment processes
  • Architecture Review: Evaluate and provide security recommendations for system architecture changes (e.g. network segmentation, microservices, virtual environments, data warehousing, etc) and new feature implementations, including the evaluation of AI enablement opportunities
  • Cloud Security: Secure cloud deployments (AWS/Heroku/Netlify), including configuration of firewalls, IAM policies, VPCs, databases/data warehouses (PostgreSQL, Snowflake), API security, container security, and network monitoring
  • Access Controls: Manage and maintain access controls across server environments, implementing principle of least privilege
  • Data Classification: Advise and audit the proper handling of data in accordance with privacy and security requirements and data classification policies
  • Integration Security: Review and assess security implications of all third-party integrations and vendor relationships
  • Fulltime
Read More
Arrow Right

Senior Security Engineer

Senior Security Engineer – Remote (US) – Competitive Salary Opportunity to work ...
Location
Location
United States
Salary
Salary:
Not provided
weareorbis.com Logo
Orbis Consultants
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related technical field
  • 5+ years of hands-on experience in security engineering or related roles
  • Expertise in secure software development, architecture design, threat modeling, CI/CD pipelines, and risk assessment
  • Deep knowledge of network, system, database, and application layer attack patterns and mitigation methods
  • Ability to clearly communicate complex concepts appropriately to multiple audience types
  • Coding skills necessary to discover and patch issues Node, TypeScript/React, Python
  • Solid understanding and experience with AWS, Heroku, Netlify, and Snowflake, including policy, configurations, and security management tooling
  • Proven track record with SOC 2, PCI DSS, or similar compliance frameworks and reporting
  • Experience working in startup or high-growth environments, fintech, and/or highly regulated industries preferred
  • Cloud security certifications with evidence of continued education in the area of security are a plus
Job Responsibility
Job Responsibility
  • Conduct regular vulnerability assessments, penetration testing, and security audits to identify and remediate security gaps across our cloud infrastructure and applications
  • Monitor systems for security threats, suspicious behavior, and anomalies using SIEM tools and security monitoring and vulnerability platforms like CrowdStrike and Nessus
  • Lead security incident response efforts, investigate suspicious reports, and implement preventative measures that may be warranted
  • Review and approve code (Node, React, Python) that accesses to data, authentication, or integrations, ensuring secure development practices are followed
  • Work closely with engineering and operations teams, including executive stakeholders and occasionally third-party service providers, to integrate security best practices into development and deployment processes
  • Evaluate and provide security recommendations for system architecture changes (e.g. network segmentation, microservices, virtual environments, data warehousing, etc) and new feature implementations, including the evaluation of AI enablement opportunities
  • Secure cloud deployments (AWS/Heroku/Netlify), including configuration of firewalls, IAM policies, VPCs, databases/data warehouses (PostgreSQL, Snowflake), API security, container security, and network monitoring
  • Manage and maintain access controls across server environments, implementing principle of least privilege
  • Advise and audit the proper handling of data in accordance with privacy and security requirements and data classification policies
  • Review and assess security implications of all third-party integrations and vendor relationships
  • Fulltime
Read More
Arrow Right

Security Operations Engineering II

Microsoft Teams is the hub for teamwork used by millions of users to be more eng...
Location
Location
United States , Redmond
Salary
Salary:
100600.00 - 199000.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 1+ year(s) experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 2+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR equivalent experience.
Job Responsibility
Job Responsibility
  • Identifies and addresses underlying causes of security shortcomings. Develops security guidance to address shortcomings and to build best practices. Ensures identified vulnerabilities are resolved correctly. Leverages latest tools and technologies (e.g., artificial intelligence) to identify and mitigate security issues with minimal guidance
  • Investigates, diagnoses, and triages security incidents with minimal guidance, deepening trust through proactive customer connection and crisis and incident response. Contributes to postmortem and root cause analyses for security incidents. Collaborates with others to create repair items, tools, and/or systems to support incident management. Begins to leverage Incident Management System(s) to update stakeholders during and after incidents as directed
  • Leads security reviews, including architectural and design reviews, and documents findings in analysis reports. Applies best practices in security architecture, design, and development across feature areas. Identifies security risks and potential impact and collaborates with others to mitigate risks, escalating when needed. Helps monitor and respond to security events, potential vulnerabilities, exposures, and policy compliance issues, escalating as needed
  • Contributes to efforts to ensure the correct processes are followed to achieve a high degree of security, privacy, safety, and accessibility. Checks for visible evidence (e.g., audit trail) to demonstrate compliance for product areas. Develops and holds an understanding of the implications of onboarding new technologies following expectations of compliance at Microsoft. Demonstrates and maintains an up-to-date understanding of both global and local regulations for technologies and system applications to ensure regulations are met
  • Uses appropriate artificial intelligence (AI) tools and practices across the software development lifecycle (SDLC) in a disciplined manner. Takes responsibility for the content of their AI-generated changes to artifacts, reviewing all changes and applying appropriate tooling and processes with minimal guidance
  • Exhibits subject matter expertise in class or set of security issues, tools, mitigations, and processes (e.g., architecture, failure modes, attack chain, threat modeling, vulnerabilities). Provides guidance to others in areas of expertise. Maintains current knowledge by investing time and effort. Proactively seeks opportunities to learn.
  • Fulltime
Read More
Arrow Right

Security Engineer II

Microsoft Teams is the hub for teamwork used by millions of users to be more eng...
Location
Location
United States , Redmond
Salary
Salary:
100600.00 - 199000.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 1+ year(s) experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 2+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
  • OR equivalent experience
  • Preferred: Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 3+ years of experience in software development lifecycle, large scale computing, threat modeling, cyber security, anomaly or detection (enterprise experience)
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 5+ years of experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection (enterprise experience)
  • OR equivalent experience
Job Responsibility
Job Responsibility
  • Identifies and addresses underlying causes of security shortcomings
  • Develops security guidance to address shortcomings and to build best practices
  • Ensures identified vulnerabilities are resolved correctly
  • Leverages latest tools and technologies (e.g., artificial intelligence) to identify and mitigate security issues with minimal guidance
  • Investigates, diagnoses, and triages security incidents with minimal guidance
  • Contributes to postmortem and root cause analyses for security incidents
  • Collaborates with others to create repair items, tools, and/or systems to support incident management
  • Begins to leverage Incident Management System(s) to update stakeholders during and after incidents as directed
  • Leads security reviews, including architectural and design reviews, and documents findings in analysis reports
  • Applies best practices in security architecture, design, and development across feature areas
  • Fulltime
Read More
Arrow Right

Engineering Manager II - AI & Security

Location
Location
Netherlands , Amsterdam
Salary
Salary:
Not provided
uber.com Logo
Uber
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proven engineering leadership experience managing teams in platform, infrastructure, or related domains at scale
  • Strong ability to operate in ambiguous problem spaces and translate them into clear technical direction
  • Working knowledge of security fundamentals (e.g., access control, data protection, secure system design), with the ability to partner effectively with domain experts
  • Experience building or working with ML/AI-driven systems
  • Track record of shipping and scaling production systems
  • Strong collaboration and communication skills across engineering, product, and security stakeholders
Job Responsibility
Job Responsibility
  • Lead and grow a high-performing team of software engineers and applied scientists, setting a high bar for execution, technical rigor, and collaboration
  • Define and drive the roadmap for security and AI-driven systems, translating ambiguous problem spaces into clear priorities and deliverables
  • Build intelligent systems that automate detection, classification, and remediation of risks across code, data, and infrastructure
  • Secure AI-powered applications through continuous evaluation, monitoring, and defense against emerging threats (e.g., prompt injection, data leakage, model misuse)
  • Partner with infrastructure, data, and product teams to embed security controls and signals into the developer ecosystem
  • Scale systems and processes that improve security posture while maintaining developer velocity
  • Fulltime
Read More
Arrow Right

Software Engineer II

We are seeking a skilled software engineer to join our team and help implement a...
Location
Location
Czech Republic , Multiple Locations
Salary
Salary:
Not provided
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's Degree in Computer Science or related technical field AND technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python
  • OR equivalent experience.
Job Responsibility
Job Responsibility
  • AI-Native Development: Improves artificial intelligence (AI) tools and practices across the software development lifecycle (SDLC)
  • Proactively takes responsibility for the content of their AI-generated requirements, design documents, code, and other assets, assisting other members of the team to do the same
  • Incorporates Responsible AI practices into the SDLC to ensure appropriate controls over AI-generated assets
  • Applies SDLC and engineering health measures (e.g., Accelerate, SPACE framework, Engineering System Success Playbook [ESSP]) to guide improvements to processes and practices, especially those involving AI
  • Experiments with AI tools and practices to improve their own capabilities, and provides recommendations on how to adopt them to other members of the team.
  • Coding: Leads by example across teams and mentors others to produce extensible, maintainable, well-tested, secure, and performant code used across products that adheres to design specifications
  • Leads efforts to continuously improve code performance, testability, maintainability, effectiveness, and cost, while learning about and accounting for relevant trade-offs
  • Identifies best practices and coding patterns (e.g., leveraging state-of-the-art generative artificial intelligence [GenAI], approaches to source code organization, naming conventions) and provides deep expertise in the coding and validation strategy
  • Creates and applies metrics to drive code quality and stability, appropriate coding patterns, and best practices
  • Identifies and anticipates blockers or unknowns during the development process, escalates them, communicates how they will impact timelines, and then leads efforts to identify and implement strategies and/or opportunities to address them.
  • Fulltime
Read More
Arrow Right

Cloud Security Engineer Ii (Aws, Secops)

We are looking for a hands-on Cloud Security Engineer II (AWS, SecOps) to be the...
Location
Location
Salary
Salary:
Not provided
tripadvisor.com Logo
Tripadvisor
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Hands-on experience securing a production environment in AWS
  • comfortable with its core security services (e.g., GuardDuty, Security Hub, WAF, CloudTrail)
  • good understanding of core AWS services beyond just security tools (e.g., VPC networking, EC2, RDS, S3, Lambda, EKS)
  • proficiency with Terraform for managing and securing cloud infrastructure
  • proven experience with the full lifecycle of security incidents
  • proficiency in at least one scripting language (e.g., Python, Go, Bash)
  • solid understanding of common web application vulnerabilities (OWASP Top 10)
  • demonstrated ability to use AI tools to improve efficiency, quality, and decision-making in day-to-day work
  • proven ability to operate effectively with a global-first mindset
Job Responsibility
Job Responsibility
  • Monitor, analyze, and investigate security alerts originating from our AWS infrastructure, application logs, and security tooling (WAF, SIEM, Cloud-Native tools)
  • respond to security incidents that directly impact the Tripadvisor Experiences application
  • triage vulnerabilities reported through our bug bounty program and other external sources
  • build and maintain security monitoring and alerting capabilities within our production environment
  • automate security operations tasks using scripting languages like Python or Go
  • configure, tune, and help manage security tools like our Web Application Firewall (WAF), AWS GuardDuty, and Security Hub
  • operationalize findings from application security tools (SAST, DAST, SCA) by working with engineering teams
  • conduct threat modeling for new features
  • collaborate with engineering teams and provide guidance on secure coding practices and architecture
What we offer
What we offer
  • Competitive compensation packages
  • base salary and annual bonuses
  • Work your way
  • flexible schedule
  • donation matching
  • tuition assistance
  • lifestyle benefit
  • travel perks
  • employee assistance program
  • health benefits
  • Fulltime
Read More
Arrow Right

Cloud Security Engineer II (AWS)

We are looking for a hands-on Cloud Security Engineer II (AWS) to be the first l...
Location
Location
Portugal
Salary
Salary:
Not provided
tripadvisor.com Logo
Tripadvisor
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Hands-on experience securing a production environment in AWS
  • Comfort with AWS core security services (e.g., GuardDuty, Security Hub, WAF, CloudTrail)
  • Good understanding of core AWS services beyond just security tools (e.g., VPC networking, EC2, RDS, S3, Lambda, EKS)
  • Proficiency with Terraform for managing and securing cloud infrastructure
  • Proven experience with the full lifecycle of security incidents
  • Proficiency in at least one scripting language (e.g., Python, Go, Bash) to automate security operations
  • A solid understanding of common web application vulnerabilities (OWASP Top 10)
  • Demonstrated ability to use AI tools to improve efficiency, quality, and decision-making
  • Proven ability to operate effectively with a global-first mindset
Job Responsibility
Job Responsibility
  • Monitor, analyze, and investigate security alerts originating from our AWS infrastructure, application logs, and security tooling
  • Respond to security incidents that directly impact the Tripadvisor Experiences application
  • Triage vulnerabilities reported through our bug bounty program and other external sources
  • Build and maintain security monitoring and alerting capabilities within our production environment
  • Automate security operations tasks using scripting languages
  • Configure, tune, and help manage security tools like our Web Application Firewall (WAF), AWS GuardDuty, and Security Hub
  • Operationalize findings from application security tools (SAST, DAST, SCA) by working with engineering teams to prioritize and remediate vulnerabilities
  • Conduct threat modeling for new features
  • Collaborate with engineering teams and provide guidance on secure coding practices and architecture
What we offer
What we offer
  • Competitive compensation packages
  • Annual bonuses
  • Work your way with flexibility
  • Flexible schedule
  • Donation matching
  • Tuition assistance
  • Lifestyle benefit
  • Travel perks
  • Employee assistance program
  • Health benefits
Read More
Arrow Right