What the Candidate Will Need / Bonus Points- What the Candidate Will Do -

• Incident Response: Act as a first responder to security alerts, triaging and containing threats across the Uber platform.
• Forensic Analysis: Investigate security incidents by analyzing logs, network traffic, and host data to determine the root cause, scope, and impact.
• Automation: Develop and deploy scripts and playbooks to automate incident response workflows and improve team efficiency.
• Threat Hunting: Proactively search for emerging threats and vulnerabilities using threat intelligence to mitigate risks before they can be exploited.
• Collaboration: Partner with other teams to share threat intelligence, recommend security improvements, and communicate incident findings

- Basic Qualifications -

• Bachelor’s degree in Computer Science, Information Security, or a related field..
• 3+ years of professional experience in a security-focused role, such as Incident Response, Security Operations, or Digital Forensics.
• Proven experience with incident response and handling in a professional environment.
• Familiarity with common security tools and technologies (e.g., SIEM, EDR, network monitoring).
• Experience in a scripting language (e.g., Python, Bash) for task automation and data analysis.
• Strong problem-solving skills and the ability to work effectively under pressure.
• Excellent written and verbal communication skills

- Preferred Qualifications -

• Experience in a large-scale, enterprise environment, particularly within the technology sectors.
• Hands-on experience across multiple domains such as network, hosts, applications, data, cloud security etc.
• Strong understanding of network protocols, TCP/IP, and firewall concepts.
• Knowledge of scripting and development in languages like Python or Go.
• Experience with ML and GenAI security concepts is a plus

The CyberSecurity Incident Response team (CIRT) is at the forefront of protecting Uber, our customers, and our partners from evolving security threats. We are a hands-on, fast-paced team that responds to security incidents, conducts forensic investigations, and builds automated solutions to scale our defence.

As a Security Analyst on the CIRT team, you will be a key player in our incident response efforts. This is a technical and investigative role where you’ll be responsible for:

• Responding to security incidents and mitigating threats across the company.
• Conducting in-depth investigations and digital forensics to uncover the root cause of attacks.
• Developing and implementing automation solutions using tools like SIEM and SOAR to improve our response capabilities.
• Collaborating with other security and engineering teams to address vulnerabilities and strengthen our security posture.
• Communicating your findings clearly and concisely to help shape our long-term security strategy.

We are looking for someone who is passionate about solving complex security puzzles and is eager to build innovative solutions to protect a global platform.

What the Candidate Will Need / Bonus Points- What the Candidate Will Do -

• Incident Response: Act as a first responder to security alerts, triaging and containing threats across the Uber platform.
• Forensic Analysis: Investigate security incidents by analyzing logs, network traffic, and host data to determine the root cause, scope, and impact.
• Automation: Develop and deploy scripts and playbooks to automate incident response workflows and improve team efficiency.
• Threat Hunting: Proactively search for emerging threats and vulnerabilities using threat intelligence to mitigate risks before they can be exploited.

• Collaboration: Partner with other teams to share threat intelligence, recommend security improvements, and communicate incident findings.

• Basic Qualifications -

• Bachelor’s degree in Computer Science, Information Security, or a related field..

• 3+ years of professional experience in a security-focused role, such as Incident Response, Security Operations, or Digital Forensics.
• Proven experience with incident response and handling in a professional environment.
• Familiarity with common security tools and technologies (e.g., SIEM, EDR, network monitoring).
• Experience in a scripting language (e.g., Python, Bash) for task automation and data analysis.
• Strong problem-solving skills and the ability to work effectively under pressure.

• Excellent written and verbal communication skills.

• Preferred Qualifications -

• Experience in a large-scale, enterprise environment, particularly within the technology sectors.

• Hands-on experience across multiple domains such as network, hosts, applications, data, cloud security etc.
• Strong understanding of network protocols, TCP/IP, and firewall concepts.
• Knowledge of scripting and development in languages like Python or Go.
• Experience with ML and GenAI security concepts is a plus.