Paranoids Detection Engineer

A Little About Us

When you impact millions of people every day, you become a large target for adversaries of all types within all layers of the stack. Our job is to keep our users safe and make Yahoo one of the safest places on the Internet.

We are the information security team at Yahoo; known as "The Paranoids".

As a part of the Paranoids Detection Engineering Team, we protect Yahoo, its brands, and their users. We ensure that our users are kept safe from targeted attacks and account hijacking by government backed attackers. We investigate cyber threats which affect Yahoo's infrastructure, properties, and worldwide user base and apply innovative legal and technical remedies to mitigate those activities.

A Lot About You

We are seeking an awesome Detection Engineer to join our security team. Our ideal candidate will develop creative detections in order to identify a wide range of cybersecurity threats, from criminal groups to APTs and even insider threats. Our candidate will build and maintain threat detection rules using Python, YAML, Databricks, and SQL, but most importantly will work hand in hand with our Incident Response Team and Insider Threat Program to find adversaries. Our candidate will also work with our Advanced Cyber Threat Team to integrate threat intelligence to enhance our detection capabilities. 

You are an ideal candidate for our team if you value:

• Protecting employees and users, and making the Internet a safer place for everyone.

• Demonstrating a high level of curiosity and staying ahead of the latest cyber threat landscape and threat intelligence trends.

• Taking a proactive nature to identify gaps and resolve problems.

• Finding and stopping bad actors. 

• Working with a large cybersecurity team to brainstorm challenging problems. 

On a typical day, you may find yourself:

Utilizing internal Yahoo tools, cyber-threat intelligence feeds, and commercial solutions to build creative solutions for identifying adversaries in our environment.

• Develop and implement threat detection rules using Python and YAML.

• Supporting data processing and analysis using Databricks to aid threat detection.

• Writing and optimizing SQL queries to extract and analyze security-related data.

• Helping to integrate threat intelligence feeds and data sources to improve detection accuracy.

• Working with our  Incident Response Team and Insider Threat Program to develop real-time detections during security investigations. 

• Participating in regular reviews and updates of detection rules to adapt to evolving threats.

• Authoring documentation and reporting on detection rule performance and effectiveness.

• Engaging in threat hunting activities to proactively identify potential security threats.

• Having fun with your team! 

Requirements include a bachelor's degree or equivalent experience, development in Python and familiarity with writing performant SQL queries, working with SIEM systems, familiarity with statistical analysis and machine learning models.

An ideal candidate will also have a strong understanding of cyber threat detection frameworks such as MITRE ATT&CK or the Lockheed Martin Cyber Kill Chain® and the application of threat intelligence in building threat detection rules. Previous experience with tools we use (Databricks, Swimlane, etc.) could be helpful, but are not required.

The material job duties and responsibilities of this role include those listed above as well as adhering to Yahoo policies; exercising sound judgment; working effectively, safely and inclusively with others; exhibiting trustworthiness and meeting expectations; and safeguarding business operations and brand integrity.

At Yahoo, we offer flexible hybrid work options that our employees love! While most roles don’t require regular office attendance, you may occasionally be asked to attend in-person events or team sessions. You’ll always get notice to make arrangements. Your recruiter will let you know if a specific job requires regular attendance at a Yahoo office or facility. If you have any questions about how this applies to the role, just ask the recruiter!

Yahoo is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. Yahoo will consider for employment qualified applicants with criminal histories in a manner consistent with applicable law. Yahoo is dedicated to providing an accessible environment for all candidates during the application process and for employees during their employment. If you need accessibility assistance and/or a reasonable accommodation due to a disability, please submit a request via the Accommodation Request Form (www.yahooinc.com/careers/contact-us.html) or call +1.866.772.3182. Requests and calls received for non-disability related issues, such as following up on an application, will not receive a response.

We believe that a diverse and inclusive workplace strengthens Yahoo and deepens our relationships. When you support everyone to be their best selves, they spark discovery, innovation and creativity. Among other efforts, our 11 employee resource groups (ERGs) enhance a culture of belonging with programs, events and fellowship that help educate, support and create a workplace where all feel welcome.

Currently work for Yahoo? Please apply on our internal career site.