Weekend Shift - Forensic and Incident Response Operations (FIRE) Analyst

About our team:
When you impact millions of people every day, you become a large target for adversaries of all types within all layers of the stack. Our job is to keep our users safe and make Yahoo one of the safest places on the Internet.

We are the information security team at Yahoo; known as "The Paranoids".
As part of the Paranoids Forensics and Incident Response Operations Team (FIRE), we protect Yahoo and its users from dedicated adversaries, working on the front lines monitoring for, hunting for, and responding to threats, we ensure that our users and company are kept safe.
You are a highly motivated security analyst who is available to work between
13:00 - 01:00 GMT Friday through Monday, and will use Yahoo internal tools and other systems to detect and respond to security events. You are interested in protecting sensitive corporate and user data from unauthorized access at Internet scale and applying advanced technical, behavioral, and investigative solutions to find evil, ensuring that Yahoo data remains secure.
 

During your time here we will:

• Give you the opportunity to take ownership of key processes supporting the mission of finding evil

• Enable you to stop advanced attackers and protect our users

• Provide you with a positive work life balance

• Encourage you to follow the investigation through till the end

• Challenge you to push the bounds of our security program and your own talents

Responsibilities

• Monitor and analyze security events from networks, applications, hosts, and databases

• Perform proactive research and identification of security anomalies

• Work with the team to develop and deliver table-top exercises

• Participate in regular threat hunting exercises

• Assess security incidents and assist Yahoo business units to remediate issues

• Work with a variety of security technologies including IDS, firewalls, EDR, etc

• Contribute to the overall security posture of Yahoo

• Work to tune signatures and develop new use cases for finding badness

• Evaluate new log sources for security detection value and develop potential use cases

• Continue to focus on process improvement including developing playbooks

• Work on special projects as needed

• Participate in a 24x7 on call rotation

Requirements

• Background in security fundamentals including network and host forensics, log analysis, and basic malware triage

• A passion for the field of information security and incident response.

• Understanding of common network services (web, mail, FTP, etc), network vulnerabilities, and attack patterns

• Functional experience with Windows, Mac and Linux systems and services

• An ability to work independently and communicate via technology

• Excellent written and verbal communication skills along with the ability to communicate complex, technical information to both technical and non-technical audiences

Desired

• Experience with DataBricks or Event Monitoring (SIEM) solutions

• Experience in shell scripting, Python, or similar tool and automation languages

Yahoo is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. Yahoo will consider for employment qualified applicants with criminal histories in a manner consistent with applicable law. Yahoo is dedicated to providing an accessible environment for all candidates during the application process and for employees during their employment. If you need accessibility assistance and/or a reasonable accommodation due to a disability, please submit a request via the Accommodation Request Form (www.yahooinc.com/careers/contact-us.html) or call +1.866.772.3182. Requests and calls received for non-disability related issues, such as following up on an application, will not receive a response.

Yahoo has a high degree of flexibility around employee location and hybrid working. In fact, our flexible-hybrid approach to work is one of the things our employees rave about. Most roles don’t require specific regular patterns of in-person office attendance. If you join Yahoo, you may be asked to attend (or travel to attend) on-site work sessions, team-building, or other in-person events. When these occur, you’ll be given notice to make arrangements. 

If you’re curious about how this factors into this role, please discuss with the recruiter.

Currently work for Yahoo? Please apply on our internal career site.