Paranoids Product Security Engineer II

Company: Yahoo!
Location: Sunnyvale
Posted on: November 18, 2022

Job Description:

It takes powerful technology to connect our brands and partners with an audience of nearly 900 million. Whether you're looking to write mobile app code, engineer the servers behind our massive ad tech stacks, or develop algorithms to help us process trillions of data points a day, what you do here will have a huge impact on our business-and the world. Want in?About the team:When you impact millions of people every day, you become a large target for adversaries in all layers of the stack. Our job is to keep our users safe and make Yahoo one of the safest places on the Internet.We are the information security team at Yahoo. People call us "The Paranoids".Responsibilities:The Paranoids seek a Product Security Engineer to work part-time as both our Bug Bounty Program Technical Lead as well as part-time as the second member of our Security Champion Program team.Activities include the following:

• Support our bug bounty team with impact analysis and technical deep dives
• Organizing security reviews for products that are in scope for live hacking events, or being added newly into scope of our Bug Bounty program
• Work with Paranoid program leads and teams to build material for our Security Champion programs
• Work with Yahoo Engineering teams to recruit, endorse, and utilize our Security Champions
• Assist with organizing events around our Security Champion and Bug Bounty programs
• When needed, perform penetration testing as part of security review
• Be a key contributor to our Dynamic Analysis and PenTesting sub-team
• Evaluate and operationalize new technologies for securing the organization
• Contribute to guidelines and run-books for penetration tests and other security practices
• Train and mentor Security Champions around security best practices
• Train and mentor Product Security engineers on best practices around performing penetration tests
• Contributing to the Product Security Life Cycle effort, utilizing bug bounty reports to identify, pentest, and find additional exposure in our network
• Provide tier 3 engineering support to remediate critical security bugsRequirements:
  • 4+ years of hands-on technical experience in penetration testing within a professional capacity
  • Ability to incrementally review designs, code, and operation at DevOps pace
  • Ability to deeply review design, code, and operation consistent with classic security analyses
  • Knowledge of application security vulnerabilities, penetration testing, and countermeasures
  • Experience with application programming and the overall software development life cycle
  • Ability to prioritize between and execute on multiple work streams
  • Bachelor's degree in CS/EE or related area or equivalent job experience
  • Good written and verbal communication skills for conveying security concepts and engineering solutions
  • Excellent organizational and interpersonal skillsPreferred Qualifications:Candidates will bring multiple of the following:
    • Secure coding concepts such as web app sec, cryptography, SSO/Oauth/OpenId, mobile app sec
    • Programming experience with JavaScript, React, Java, Python, Go, or C/C++
    • Cloud security including with AWS
    • Internet protocols including TCP/IP and HTTP
    • Any of GIAC, CISSP, CSSLP, OSCP, CCSP, and similar#LI-SO1Yahoo is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. Yahoo is dedicated to providing an accessible environment for all candidates during the application process and for employees during their employment. If you need accessibility assistance and/or a reasonable accommodation due to a disability, please submit a request via the Accommodation Request Form (www.yahooinc.com/careers/contact-us.html) or call 408-336-1409. Requests and calls received for non-disability related issues, such as following up on an application, will not receive a response.At Yahoo, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion (www.yahooinc.com/diversity/) page to learn more.US Only: Please be aware that Yahoo requires all employees entering a U.S. Yahoo office and/or attending a company event (including client events) are required to be vaccinated for COVID-19. This position will require the successful candidate to obtain and show proof of a vaccination to enter a U.S. Yahoo office and/or attending a company event (including client events). Yahoo is an equal opportunity employer, and will provide reasonable accommodation to those individuals who are unable to be vaccinated consistent with federal, state, and local law.The compensation for this position ranges from $97,500.00 - $210,625.00/yr and will vary depending on factors such as your location, skills and experience. The compensation package may also include incentive compensation opportunities in the form of discretionary annual bonus or commissions, in addition to equity incentives. Yahoo provides industry-leading benefits including healthcare, 401K savings plan, company holidays, vacation, sick time, parental leave and an employee assistance program.Currently work for Yahoo? Please apply on our internal career site.

Keywords: Yahoo!, Sunnyvale , Paranoids Product Security Engineer II, Engineering , Sunnyvale, California