Uber is a transportation company that has developed a mobile app to connect passengers with drivers. As an employer, Uber believes in the power to "shape the wo
Staff AI Security Engineer
Location
California + 2 moreAll locations: California | Washington | New York
Posted
16 hours ago
Salary
$232K - $258K / year
Seniority
Senior
Job Description
Staff AI Security Engineer
Uber
Title: Staff AI Security Engineer - (Agentic Systems) Locations: San Francisco, California / Seattle, Washington / Sunnyvale, California / New York City, New York Team Engineer Subteam Software Engineering Hybrid Job Description: About the Role Our mission is to protect, defend, and secure Uber's products, infrastructure, and data by building highly available, scalable, and extensible security solutions and services. We are seeking a Staff Security Engineer to join the Cyber Defense team to drive the development of our next-generation security platforms focused on leveraging AI/ML/GenAI. In this role, you will be a passionate and pragmatic technologist, designing scalable systems while delivering high-quality code. You will architect and implement industry-leading security solutions, including the AI-orchestrated attack platform and autonomous security agents, to stay ahead of sophisticated, AI-driven threats. As a Staff Engineer, you are not only a technical role model but also an empathic leader and humble teacher, mentoring a team of passionate engineers while delivering uniquely challenging projects. ---- What the Candidate Will Do ---- - AI-Driven Red Teaming Platform: Architect and implement the end-to-end AI-driven red teaming platform to automate threat intelligence processing, vulnerability research, and attack execution. - Agentic Incident Response: Design and build autonomous security agents for threat hunting and incident triage/response to achieve defense at machine speed. - Secure AI Environment: Define and maintain secure, air-gapped environments for the safe development and execution of advanced AI/ML models for adversary simulations. - Technical Leadership: Set technical direction for specific projects by identifying priorities, managing expectations, and considering tradeoffs. - Engineering Excellence: Champion best software engineering practices and empower teams to build a culture of quality and operational excellence. - Cross-Functional Collaboration: Partner with IT, product, and various security teams to integrate security posture improvements across the entire environment. ---- Basic Qualifications ---- - BS/MS Degree in Computer Science, Engineering, or a related field. - 7+ years of industry experience in a software development or security engineering environment. - Proficiency in programming languages such as Golang, Java, or Python. - Deep understanding of distributed systems, high-availability, and high-performance system design. - Hands-on experience with Cyber Defense such as incident response, investigation, and threat detection. ---- Preferred Qualifications ---- - Master's Degree or PhD in Computer Science, Engineering, Information Security or a related field. - Prior experience in Red Teaming, building AI-driven attack tools, threat detection, and incident response. - Deep experience incorporating GenAI agents into production security services, specifically for automation or vulnerability discovery. - In-depth knowledge of security software frameworks, including EDR solutions (e.g., CrowdStrike, SentinelOne) and SIEM platforms (e.g., Splunk, Chronicle). - Strong understanding of security frameworks and standards (e.g., NIST CSF, ISO 27001). For New York, NY-based roles: The base salary range for this role is USD$232,000 per year - USD$258,000 per year. For San Francisco, CA-based roles: The base salary range for this role is USD$232,000 per year - USD$258,000 per year. For Seattle, WA-based roles: The base salary range for this role is USD$232,000 per year - USD$258,000 per year. For Sunnyvale, CA-based roles: The base salary range for this role is USD$232,000 per year - USD$258,000 per year. For all US locations, you will be eligible to participate in Uber's bonus program, and may be offered an equity award & other types of comp. All full-time employees are eligible to participate in a 401(k) plan. You will also be eligible for various benefits. Uber's mission is to reimagine the way the world moves for the better. Here, bold ideas create real-world impact, challenges drive growth, and speed fuels progress. What moves us, moves the world - let's move it forward, together. Uber is proud to be an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know by completing this form. Offices continue to be central to collaboration and Uber's cultural identity. Unless formally approved to work fully remotely, Uber expects employees to spend at least half of their work time in their assigned office. For certain roles, such as those based at green-light hubs, employees are expected to be in-office for 100% of their time.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Title: Forward Deployed Security Engineer Location: Washington, DC Hybrid Job Description: About the Team Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture. About the Role Our technologies support some of the most important and impactful work in the world, including our strategic and high-impact customers in the public sector. As a Forward Deployed Security Engineer (FDSecE) you will be responsible for securing these novel applications of OpenAI’s technology. We’re looking for motivated, tenacious, and curious people who will work closely with engineering teams to ensure our infrastructure deployments are highly secure against our adversaries. As an FDSecE, you will embed directly throughout the lifecycle, working on-site and being hands-on to ensure the overall security of these deployments from design to production and through ongoing operations. This role is preferred to be based in Washington DC but may consider remote work. We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees. Travel to and working from customer sites is required for this role. In this role, you will: - Deeply embed with our most strategic public sector customers to implement and maintain robust security controls. - Be a design and technical thought partner by leveraging security expertise on protective controls including access controls, authentication, encryption, network, and system security. - Collaborate closely with teammates, cross-functional teams, customers, and service providers to achieve security and compliance goals. - Ensure continuity of critical security and monitoring controls through routine security assessments, threat monitoring, and security validation exercises. You might thrive in this role if you have: - An active US security clearance. - 5+ years of security engineering experience, with an emphasis on infrastructure security, application security, network security, datacenter security, and systems engineering. - Familiarity with deployment models, including to cloud platforms (Azure, AWS) and the underlying infrastructure primitives (Kubernetes, Terraform) - Proficiency in programming languages such as Python, Golang, or similar. - A proven track record of developing high-quality, scalable, and secure infrastructure. - Experience with security operations including insider threat monitoring, network/endpoint detection and response, or red team or penetration testing operations. - Comprehensive knowledge of modern adversary tactics, techniques, and procedures. - The ability to work collaboratively and effectively in a cross-functional team environment. - Thrive in dynamic environments and can navigate ambiguity with ease. Compensation - $293K – $385K • Offers Equity The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits. - Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts - Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit) - 401(k) retirement plan with employer match - Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks) - Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees - 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law) - Mental health and wellness support - Employer-paid basic life and disability coverage - Annual learning and development stipend to fuel your professional growth - Daily meals in our offices, and meal delivery credits as eligible - Relocation support for eligible employees - Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided. More details about our benefits are available to candidates during the hiring process. This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.
• executing the full RMF lifecycle across all information systems and applications • leading security assessment activities with the goal of maintaining a 100% Authority to Operate (ATO) status • ensuring the rigorous application of cybersecurity policies • managing system remediation efforts • designing critical contingency plans • championing cybersecurity awareness across the organization
• Avint is seeking a highly motivated Senior Security Controls Assessor (SCA) in support of a critical federal contract. • The Senior SCA is a subject matter expert responsible for executing comprehensive, independent assessments of the organization’s most complex information systems, applications, and cloud infrastructures. • Operating as a senior-level individual contributor, this role focuses on verifying the implementation, correctness, and effectiveness of technical, operational, and management security controls. • The Senior SCA handles the most complex, critical, or sensitive system assessments, serving as a technical mentor to junior assessors and a primary technical advisor to system owners during the Risk Management Framework (RMF) lifecycle.
• Conduct security control assessments of information systems using interview, examination, and testing methods • Verify compliance with established frameworks such as NIST SP 800-37, NIST SP 800-53, NIST SP 800-171, FISMA, and/or FedRAMP, depending on organizational requirements • Analyze system architectures, network diagrams, configuration settings, and policies to identify vulnerabilities and compliance gaps • Review vulnerability scanning results (e.g., Nessus, Qualys) and penetration testing reports to validate the implementation of technical controls • Document detailed testing results and draft sections of the Security Assessment Report (SAR), ensuring clear explanations of non-compliant findings • Present assessment findings and risk postures to Authorizing Officials (AO), system owners, and other stakeholders in clear, actionable terms • Assist system owners in the development of realistic Plans of Action and Milestones (POA&M) to remediate identified deficiencies • Collaborate with the Risk Management team to ensure assessment data accurately informs the organization’s continuous monitoring strategy • Stay current on emerging cyber threats, vulnerabilities, regulatory changes, and assessment techniques • Identify opportunities to automate assessment processes and integrate modern tooling into the assessment lifecycle • Participate in the development and refinement of enterprise information security policies, standards, and guidelines


