We launched our Security team in Amsterdam in late 2022. Now, nearly 20 engineers at our EMEA HQ are driving diverse security initiatives, including defense platforms, platform security engineering, enterprise security, cyber defense, and application/product security. Below, we chatted with four of them about the work they’re doing.
Meet the team
Roman Klyuev Network Security | Lin Wei Mobile Security | Artem Myagkov Platform Security | Giovanni Schiavon Production Security |
Why did you join the Security team at Uber? What surprised you?
Security is always on the forefront. | |||
I was reading the LinkedIn page of my hiring manager and could clearly see his passion for programming. I was sure I would be working with knowledgeable engineers and find intellectual excitement in it. | |||
Although I had never considered security positions previously, learning about security was always my priority. I liked that the role required core software engineering skills. I was surprised to learn about the scale of the problems that the team works on and the rigor with which they approach building security systems. | |||
I was looking for security opportunities in the Netherlands, and coincidently I was approached by Uber’s sourcing team and the interview process went incredibly fast and was well organised. What really surprised me when I joined was the small amount of red tape and the speed of the engineering execution. |
What aspects of Uber’s business are you working on that are industry-leading?
We need to know Cloud, Kubernetes, automation and AI in depth, and then some. | |||
We take multiple approaches to enforce integrity of devices accessing Uber’s services. Bad actors using compromised clients (devices and apps) can modify their software and lock out good users. These include fraud, airport gaming, cherry-picking long trips, etc. We build technologies to detect inauthentic clients and ensure marketplace equity. | |||
We work with and contribute to industry-leading open-source technologies like HashiCorp Vault, Kubernetes, Envoy, Istio and SPIFFE/SPIRE. | |||
We use a mix of commercial solutions and custom-developed software to manage the lifecycle of both assets and vulnerabilities, and to orchestrate vulnerability scanners. |
How are you using tech differently than other companies?
We do not have much split between development and operations. The same teams that develop software products also maintain and support them. This creates unique challenges in how we balance availability and innovation. | |||
Other companies use AppAttest and Android key attestation for device and app integrity and anti-tampering. But at Uber we build on these technologies and design our own flow of attestation, which integrate closely with our infrastructure like our observability platform and risk system. This helps improve robustness and reduce latency. | |||
We’re applying cutting-edge technologies and security techniques to enable the security of Uber systems. We need to adopt many of these technologies to operate at Uber’s scale and global footprint, which makes it challenging and unique. | |||
The scale of Uber. The whole infrastructure we created needs to be able to handle every production server, cloud asset, every software running on them, every employee laptop, and all the many pieces of hardware and software that Uber uses that don’t fall in those categories. |
What is the best part of your job?
Our team is still newer, so we have more freedom than similar teams in older companies. At the same time, our scale presents unique challenges if you’re interested in complex projects. Currently we’re rethinking many aspects of our architecture and (re-)building products from scratch. | |||
We have a truly global technological impact beyond Uber. And we aren’t only protecting clients of Uber from being hacked, but helping other companies as well. | |||
There’s no shortage of exciting and challenging problems. You work on solving them with a team of intelligent people and supportive leaders. | |||
I work with the greater Enterprise Security team from Uber. Communication channels are very dynamic and things happen fast. This team also manages vulnerabilities for all the teams at Uber and it’s quite exciting. |
What complex challenges is the team solving?
How we interact with other teams. Great minds don’t think alike, and we constantly need to balance different ideas. Also, our cultural value One Uber encourages us to focus on something bigger than any single team. Balancing between the two is our daily challenge, which is also very interesting to do! | |||
This is a cat-and-mouse game. New phone models and operating systems are being developed everyday. New exploits, root, and jailbroken techniques will always emerge. We have to stay up-to-date with the latest technologies. | |||
The broader Platform Security team is working on improving security systems’ availability and reliability. As our technologies are at the foundation of Uber’s production infrastructure, we must provide the highest service availability and make sure we can tolerate failures of hardware, availability zones, and entire regions. | |||
Working with different interfaces and teams and understanding all of these complex systems. They literally touch all platforms within Uber and one of the most challenging pieces is to understand the best way to secure those things. |
Posted by Uber
Category:
Come reimagine with us
Related articles
Most popular
Drive, Driver productsNovember 27 / Côte d'Ivoire
Helping drivers stay alert behind the wheel
Engineering, Data / MLDecember 11 / Global
Serving Millions of Apache Pinot™ Queries with Neutrino
TransitDecember 13 / Global
Your guide to NJ TRANSIT’s Access Link Riders’ Choice Pilot 2.0
Engineering, BackendOctober 3 / Global
Making Uber’s ExperimentEvaluation Engine 100x Faster
Select your preferred language
Products
Company