Life at UiPath
The people at UiPath believe in the transformative power of automation to change how the world works. We’re committed to creating category-leading enterprise software that unleashes that power.
To make that happen, we need people who are curious, self-propelled, generous, and genuine. People who love being part of a fast-moving, fast-thinking growth company. And people who care—about each other, about UiPath, and about our larger purpose.
Could that be you?
Your Mission
UiPath is looking for a AppSec Engineer to help and grow the security assessment function related to its products, online and corporate infrastructure. This is a deeply technical role which implies developing and applying formal security centric assessments against existing and in-development UiPath products as well as UiPath’s online and corporate IT environment. The person in this role may also assist in investigating security incidents. The AppSec Engineer will work with stakeholders (security team peers, software engineers/developers, corporate IT staff, Site Reliability Engineers, Cloud Operations staff), and is responsible of detailing and executing the testing plans and strategies, while also building clear and concise reports.
A successful AppSec Engineer at UiPath is a self-starter, with strong analytical and problem-solving skills. The ability to maneuver in a fast-paced environment is critical, as well as handling ambiguity coupled with a deep understanding of various security threats. As a true owner of security in UiPath, great writing skills are needed, coupled with the ability to interact with stakeholders across multiple departments and teams. The AppSec Engineer acts as a mentor for technical peers and can transpose testing strategies and results in high level non-technical language.
What You'll Do At UiPath
- Penetration testing of UiPath products and IT infrastructure
- Secure Code Reviews
- Threat Modelling and Security Architecture Reviews
- Recommendation of threat mitigations
- Security training and outreach to internal development teams
- Security guidance documentation
- Security tool development
- Security metrics delivery and improvements
- Assist in investigating security incidents
What You'll Bring To The Team
Bachelor's Degree in Computer Science or related field, or equivalent work experience
- Solid understanding of Web Application penetration testing
- 3-5 years of experience with penetration testing at application and infrastructure layer
- Experience in working with developers, with skills in coding/scripting
- Experience in performing security focused code review with a plus in creating custom CodeQL queries.
- Good understanding of cyber-attack tools and techniques
- Good knowledge of attacking services hosted in cloud (Azure, AWS, GCP)
- Experience writing POCs for discovered vulnerabilities
- Good knowledge of operating system, network and database security
- Advanced knowledge and understanding of web application security
- Experience using various penetration testing tools (such as, BurpSuite, Metasploit, Nessus, etc.)
- Ability to dive deep into problems and strong analytical and skills
- Understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP,HTTPS)
Nice to have
- Understanding of cryptography, web service frameworks
- Experience with vulnerability research, bug bounty programs (HackerOne, Intigriti, etc) and CTF competitions
- Experience with .Net, Javascript, C#, Java and python for scripting
- Ability to automate and script your findings
- Professional certifications: OSCP, OSWE or equivalent preferred
- Experience with docker, kubernetes or other containerization technologies
Maybe you don’t tick all the boxes above— but still think you’d be great for the job? Go ahead, apply anyway. Because we know that experience comes in all shapes and sizes—and passion can’t be learned.
Many of our roles allow for flexibility in when and where work gets done. Depending on the needs of the business and the role, the number of hybrid, office-based and remote workers will vary from team to team. Applications are assessed on a rolling basis and there is no fixed deadline for this requisition. The application window may change depending on the volume of applications received or may close immediately if a qualified candidate is selected.
We value a range of diverse backgrounds, experiences and ideas. We pride ourselves on our diversity and inclusive workplace that provides equal opportunities to all persons regardless of age, race, color, religion, sex, sexual orientation, gender identity and expression, national origin, disability, neurodiversity, military and/or veteran status, or any other protected classes. Additionally, UiPath provides reasonable accommodations for candidates on request and respects applicants' privacy rights. To review these and other legal disclosures, visit our privacy policy.
