Technical Security Engineer

It takes powerful technology to connect our brands and partners with an audience of nearly 900 million. Whether you’re looking to write mobile app code, engineer the servers behind our massive ad tech stacks, or develop algorithms to help us process trillions of data points a day, what you do here will have a huge impact on our business—and the world. Want in?

Yahoo is a values-led company committed to building brands people love. We reach over one billion people around the world with a dynamic house of 50+ media and technology brands. A global leader in digital and mobile, Yahoo is shaping the future of media.

When you impact millions of people every day, you become a large target for adversaries in all layers of the stack. Our job is to keep our users safe and make Yahoo one of the safest places on the Internet. We are the information security team at Yahoo. People call us "The Paranoids".

For 30 years we have been at the leading edge of technology, and we don't plan on slowing down. From building our own award winning data centers, to building our own private cloud, and now moving to the public cloud, we want motivated, intelligent, hands on innovators who love to try something new. With the world's largest technology playground at our fingertips, we invite you to come play along.

Responsibilities

The Technical Security Engineer position is within Yahoo's IT Security group whose mission is to deliver information security solutions and services to protect Yahoo information assets, computing infrastructure, applications, and data. The engineer will work within the vulnerability management team helping to identify and mitigate risks against Yahoo. The ideal candidate will have great interest in information security, has hands-on security engineering experience, and be able to come up with creative and unique solutions to security- related problems in order to address today’s evolving technical security threats.

The engineer will perform technical security activities including the following:

• Support the New Vulnerability/Zero Day program with detection, assessment, communication, remediation coordination of security vulnerabilities.

• Perform vulnerability scan, analysis, validation and remediation activities.

• Validate vulnerabilities discovered through scan and code analysis.

• Classify and prioritize the risk of new vulnerabilities according to the specifics of Yahoo environment's risk level, mitigating factors, and assessment of the impacts of internal and external threats.

• Analyze large datasets to address vulnerabilities across the company.

• Monitor public and proprietary data sources for vulnerability intelligence.

• Work with partners to coordinate the remediation of identified security issues.

• Provide security guidance to Yahoo product teams including developers and system administrators.

• Build scripts to automate daily processes to address vulnerabilities faster.

• Perform technical and non-technical compliance activities.

• Perform validation of security relevant configuration settings on various platforms and  systems.

• Assist engineers responsible for remediating vulnerabilities. 

• Develop metrics and dashboards for vulnerability management functions.

• Maintain and compose operational process documentation regarding program execution.

Minimum Qualifications

• Bachelor’s degree or equivalent work experience in a technical field.

• A strong interest in the field of information security.

• Strong understanding of common application, network, and OS vulnerabilities (Linux, Windows and OSX), patching, and attack patterns.

• Experience with core vulnerability management scanners (e.g. Tenable, Nexpose, Qualys, etc.).

• Experience with various vulnerability assessment solutions, vulnerability management, patch management, software development life cycle (SDLC), host based security systems, networking, systems administration, application development, cloud computing and information security best practices.

• Ability to prioritize impactful vulnerabilities and reduce noise often associated with vulnerability tools.

• Stays up to date with current vulnerabilities and vulnerability related news in various industries.

• Familiar in a variety of web application protocols, operating systems and networking technologies.

• Strong understanding of common cloud platforms.

• Basic level Splunk capabilities

Desired Qualifications

• Strong analytical, problem solving and engineering skills.

• Strong written and verbal communication skills.

• Basic scripting, system administration or software engineering background (e.g. Python, Ruby, Javascript, Perl, or Java).

• Experience with parsing / analysis of large data sets (e.g. vulnerability scan results).

• Previous experience working in large scale environments with diverse technologies

• Self-motivated and operates with a high sense of urgency and a high level of integrity with the ability to shift priorities quickly

• Experience working with limited and ambiguous data

• Experience collaborating with different levels of leadership, engineers and cross-functional teams

Yahoo is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. Yahoo is dedicated to providing an accessible environment for all candidates during the application process and for employees during their employment. If you need accessibility assistance and/or a reasonable accommodation due to a disability, please submit a request via the Accommodation Request Form (www.yahooinc.com/careers/contact-us.html) or call 408-336-1409. Requests and calls received for non-disability related issues, such as following up on an application, will not receive a response.

At Yahoo, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion (www.yahooinc.com/diversity/) page to learn more.

The compensation for this position ranges from $88,500.00 - $184,375.00/yr and will vary depending on factors such as your location, skills and experience. The compensation package may also include incentive compensation opportunities in the form of discretionary annual bonus or commissions, in addition to equity incentives. Yahoo provides industry-leading benefits including healthcare, 401K savings plan, company holidays, vacation, sick time, parental leave and an employee assistance program. Eligibility requirements apply.

Yahoo has a high degree of flexibility around employee location and hybrid working. In fact, our flexible-hybrid approach to work is one of the things our employees rave about. Most roles don’t require specific regular patterns of in-person office attendance. If you join Yahoo, you may be asked to attend (or travel to attend) on-site work sessions, team-building, or other in-person events. When these occur, you’ll be given notice to make arrangements. 

If you’re curious about how this factors into this role, please discuss with the recruiter.

Currently work for Yahoo? Please apply on our internal career site.