Paranoids Technical Risk Analyst

Full Time
Sunnyvale, California
report a problem
Overview


We're explorers, creators and innovators.
Join us.

 
Yahoo is a guide focused on making users' daily habits inspiring and entertaining. By creating highly personalized experiences for our users, we keep people connected to what matters most to them, across devices and around the world. In turn, we create value for advertisers by connecting them with the audiences that build their businesses.

A Little About Us 
When you impact millions of people every day, you become a large target for adversaries in all layers of the stack. Our job is to keep our users safe and make Yahoo one of the safest places on the Internet.  

We are the information security team at Yahoo. People call us “The Paranoids”.

Our vision is to protect and defend infrastructure at Yahoo from threats around the world. We make sure Yahoo is a safe and secure place for employees and customers alike to interact and know that we can be trusted with their information.


A Lot About You
Yahoo is currently seeking a strong Technical Risk Analyst with a desire to focus on information security to join the Paranoids Risk Management team.  This role provides significant growth in knowledge and experience in the areas of information security, vulnerability management, and risk analytics. The Technical Risk Analyst is responsible for ensuring Yahoo businesses and third parties are appropriately evaluating risks inherent in software development and technology stack. The Technical Risk Analyst will be responsible for engaging with Yahoo engineers and the Paranoids Red Team to evaluate and balance between security risk and and business impacts. Candidates should be familiar with common application security vulnerabilities as well as a demonstrated understanding of common security and control frameworks. 

Your Day
  • Provide subject matter expertise on application security vulnerabilities and security controls and secure programming practices
  • Maintain and enforce information security policies and standards to enable a positive risk posture within Yahoo
  • Qualify and review security risk evaluation requests from the business
  • Act as a liaison between business and software engineering teams to understand and communicate technical security information to non-technical audiences
  • Contribute to other risk management activities such as tracking, driving and validating remediation of security vulnerabilities
  • Enable effective reporting of security risks across the company on a weekly, monthly, quarterly, and ad-hoc basis for executive leadership

What you bring
  • 4+ years relevant experience in an information security, IT risk management, IT audit or consulting role with progressive experience in security assessments, and security risk management and metrics
  • Bachelors Degree in Computer Science or Management Information Systems preferred
  • Ability to engage with teams to review application architecture and recommend secure designs for a fast paced, engineering-drive environment
  • Application security experience including knowledge of web security vulnerabilities and countermeasures, including OWASP Top 10
  • Knowledge of control frameworks and external compliance regulations/standards such as NIST 800-53, PCI DSS, ISO27001, SSAE 16, COSO, COBIT, etc.
  • Proven ability to function well independently and in a team, and be comfortable in a fast-paced, dynamic environment
  • CISSP, CISM, CISA, CCNA certifications preferred
. . Yahoo is committed to equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, protected veteran status, or any other unlawful factor and complies with all applicable laws including those regarding consideration of qualified applicants with criminal histories (such as the San Francisco Fair Chance Ordinance). If your disability makes it difficult for you to use Yahoo Careers, please send a note to accessiblecareers@yahoo-inc.comYahoo participates in E-Verify



Share this job:

Yahoo

Yahoo is a guide focused on making users' digital habits inspiring and entertaining. By creating highly personalized experiences for our users, we keep people connected to what matters most to them, across devices and around the world. In turn, we create value for advertisers by connecting them with the audiences that build their businesses. Yahoo is headquartered in Sunnyvale, California, and has offices located throughout the Americas, Asia Pacific (APAC) and the Europe, Middle East and Africa (EMEA) regions.
Visit Yahoo's Social Media pages:
Company Industry: Internet
Company Type: Public Company
Company Size: 10,001+