Yahoo · 7 hours ago
Sr Technical Security Engineer - Vulnerability Management
Yahoo serves as a trusted guide for hundreds of millions of people globally, helping them achieve their goals online through our portfolio of iconic products. They are seeking a Senior Security Engineer to lead Vulnerability Management, focusing on identifying and mitigating security vulnerabilities across their infrastructure and cloud environments.
Email, Internet, Native Advertising, Online Portals, Search Engine, Social Media
Responsibilities
Direct the coordination and remediation of high-severity security vulnerabilities
Manage the process of detection, assessment, communication, and remediation coordination of security vulnerabilities
Use Databricks to parse and analyze massive datasets in order to address vulnerabilities across the company
Identify vulnerability trends across the company and create reports for senior leadership
Oversee the technical requirements for vulnerability scanning vendors
Configure scanners to match our changing environment and manage the vendor relationship to attain the features required
Perform vulnerability scanning, analysis, validation, and remediation activities
Validate vulnerabilities discovered through scans and code analysis
Prioritize risks based on the specific context of the Yahoo environment, distinct mitigating factors, and assessment of the impacts of internal and external threat factors
Own, maintain, and create the operational process documentation and vulnerability handling runbooks regarding program execution
Work with product teams, developers, and system administrators to explain security risks, and provide remediation guidance for vulnerabilities
Provide security subject matter expertise to Yahoo product teams including developers and system administrators
Watch public and proprietary sources for vulnerability information
Assess the impact of zero-day threats and recommend immediate action
Research and assess new threats, vulnerability security trends, and security alerts, and recommend remedial action
Develop metrics and dashboards for vulnerability management functions
Perform technical and non-technical compliance activities, as needed
Participate in an on-call rotation and provide after-hours support to drive the resolution of critical vulnerability handling
Qualification
Required
Bachelor's degree in a technical discipline (e.g., Computer Science, Engineering, Information Security) or equivalent practical experience
7+ years of experience in information security, specifically within vulnerability management or security engineering
Strong understanding of common application, network, and OS vulnerabilities (Linux, Windows and OSX), patching, and attack patterns
Proven experience driving critical vulnerability remediation activities
Ability to lead coordination with stakeholders during high-pressure vulnerability remediation efforts
Extensive experience with core vulnerability management scanners (e.g., Tenable, Nexpose, Qualys, AWS Inspector, GCP SCC, GitHub Advanced Security)
Experience with various vulnerability assessment solutions, vulnerability management, patch management, software development life cycle (SDLC), host based security systems, networking, systems administration, application development, cloud computing and information security best practices
Strong understanding of AI and AI prompting. You must be proficient in using AI tools to assist with coding, automation, and complex problem-solving
Proficiency with data analysis platforms. You should have experience using Databricks or similar tools to query and visualize large datasets to prioritize impactful vulnerabilities and reduce noise
Proficiency in Python or Go. You are comfortable building automation, working with APIs, writing clean and testable code
Deep understanding of supply chain risks (such as NPM), dependency confusion attacks, and detection and handling of malicious package attacks
Stays up to date with current vulnerabilities and vulnerability related news in various industries
Strong understanding of common cloud platforms, such as AWS and GCP, and container technologies (Kubernetes, AWS EKS, Docker)
Familiarity with a variety of web application protocols, operating systems and networking technologies
Ability to work independently with limited data and operate with a high sense of urgency to shift priorities quickly in a fast-paced environment
Preferred
Certified Information Systems Security Professional (CISSP)
Experience independently leading projects to completion
Intermediate to advanced capabilities with Databricks for log analysis and dashboard creation
Background in software development life cycle (SDLC) and patch management
Experience collaborating with cross-functional teams, engineers, and leadership
Benefits
Healthcare
A great 401k
Backup childcare
Education stipends
Much (much) more
Company
Yahoo
Yahoo is a technology and media company that serves users through its portfolio of digital platforms, products, and services. It is a sub-organization of Verizon Media.
H1B Sponsorship
Yahoo has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2023 (197)
2022 (646)
2021 (381)
2020 (463)
Funding
Current Stage: Public Company
Total Funding: $6.8M
Key Investors: SoftBank Group, Sequoia Capital
2021-05-03: Acquired
1996-04-12: IPO
1995-11-30: Series B · $4.8M
Company data provided by Crunchbase