Paranoids Senior Track Search Rescue Team Analyst

Full Time
Sunnyvale, CA
Areas of Interest: Digital Forensics, Incident Response, Systems Security Analysis, Threat Analysis, Vulnerability Assessment and Management

We're explorers, creators and innovators.
Join us.

Yahoo is a guide focused on making users' daily habits inspiring and entertaining. By creating highly personalized experiences for our users, we keep people connected to what matters most to them, across devices and around the world. In turn, we create value for advertisers by connecting them with the audiences that build their businesses.

A Little About Us
When you impact millions of people every day, you become a large target for adversaries in all layers of the stack. Our job is to keep our users safe and make Yahoo one of the safest places on the Internet. 

We are the information security team at Yahoo, known as “The Paranoids”.

Specifically, we are the Track, Search, and Rescue team, similar in purpose but not your typical Incident Response team.  

We perform rescue operations to bring hosts and networks back from security emergencies, we search large quantities of data for trends and tactics to identify what needs to be rescued, and we track intruders in our network using traditional, modern, and experimental techniques.

If you like being in a high-pressure, high-performing environment with people who use proven techniques in these disciplines and also explore and apply experimental ideas, we have an incredible team-oriented group of like-minded individuals for you to join.

Individual team members focus on one of the three disciplines, creating new techniques designed to enhance our abilities and be highly effective at an insane, chaotic scale. Team members also rotate into the other disciplines to understand the relationships between them and to apply knowledge in both directions: from the primary discipline into the part-time ones, and from the secondary disciplines back into the primary.

Keywords (if you are searching for these terms, it’s likely this role will interest you): Incident Response, Data Analysis, Data Analytics, Incident Management, Forensics, Splunk, Hadoop, Spark, Machine Learning, Anomaly Detection, Behavioral Analytics, Blue Team, Defense, Intruder Detection, Intrusion Detection, Security Analyst, Threat Analysis, Threat Intelligence, APT


A Lot About You
Your Day

  • Search for indicators providing an incredibly low false-positive rate identifying compromised hosts or employee accounts.
  • Track attackers through hosts and networks, identify where they are headed next and get there first.
  • Rescue insecure systems, provide feedback to organizations encouraging their good security behavior.
  • Organize and manage projects to improve security identification and response
  • Participate in continual red/blue wargames
  • You know and use Linux distributions
  • Knowledge and experience in non-classic data center technology appreciated (Docker, Kubernetes, AWS)
  • Identify necessary automation, create requirements and determine if we should buy, outsource inside Yahoo, or build within our team.
  • Collaborate with other Paranoids teams:
      • Provide feedback for longer-term solutions to our emergency solutions
      • Provide TTPs to other Paranoid teams to enhance their abilities (including the Offensive team)
      • Work with Visibility to gain access to more data in productive ways
  • Organize and participate in regular post-mortems to educate Paranoids and other business units
  • The Offensive team are our friends, but we will catch them before they get to their objectives.

What you bring
All team members must have proven communication skills and the ability to influence people and groups. In addition, we break the team into three disciplines and are looking for people who are strong in one discipline and flexible enough to work in other disciplines as needed.

Run rescue operations: effectively drive the resolution of high severity security issues by providing and overseeing remediation actions for our operations center, business units, and individuals.

Search for indications of intrusion and compromise utilizing all available data sources, automating all effective searching techniques for direct notifications to ‘rescue’.  Utilize intelligence from ‘track’ to test new methods of identifying attacker behaviors on hosts and networks. 

Track intruders in our networks and hosts, identifying hosts they have accessed, actions they have performed, and predicting their objectives.

Desired skills
  • 4+ years of track, search and rescue experience
  • Computer Science, Computer Engineering, or similar degree, or related experience.
  • Forensic expertise in disk, memory, and log analysis.  GCFE, GCFE, GNFA, EnCase Examiner, ACE, or similar. 
  • Training in Incident Handling: GIAC GCIH or GCIA or similar.
  • Training in attacker techniques: CPT/CEH, GWAPT, GPEN, or similar
  • Programming experience in several of: Bash, Python, Perl, JavaScript, PHP
  • Large-scale data analysis experience with Splunk, Hadoop, R, Python, or similar.
  • Experience with multiple searching methodologies: simple matching (IOCs), pattern identification (TTPs), and anomaly identification.
  • Experience with IOC management tools: CRITs, MISP, or similar.
  • Strong writing skills to define requirements for additional technologies and systems.

Yahoo is committed to equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, protected veteran status, or any other unlawful factor and complies with all applicable laws including those regarding consideration of qualified applicants with criminal histories (such as the San Francisco Fair Chance Ordinance). If your disability makes it difficult for you to use Yahoo Careers, please send a note to accessiblecareers@yahoo-inc.com.

Yahoo participates in E-Verify.



Yahoo is a guide focused on making users' digital habits inspiring and entertaining. By creating highly personalized experiences for our users, we keep people connected to what matters most to them, across devices and around the world. In turn, we create value for advertisers by connecting them with the audiences that build their businesses. Yahoo is headquartered in Sunnyvale, California, and has offices located throughout the Americas, Asia Pacific (APAC) and the Europe, Middle East and Africa (EMEA) regions.
Company Industry: Internet
Company Type: Public Company
Company Size: 10,001+