Paranoids Senior Track Search Rescue Team Member
Entertainment & Media Industry Company
Sunnyvale, CA, United States
Job Details
Description
Senior Track Search Rescue team member.
Yahoo is a guide focused on making users' daily habits inspiring and entertaining. By creating highly personalized experiences for our users, we keep people connected to what matters most to them, across devices and around the world. In turn, we create value for advertisers by connecting them with the audiences that build their businesses.
A Little About Us
When you impact millions of people every day, you become a large target for adversaries in all layers of the stack. Our job is to keep our users safe and make Yahoo one of the safest places on the Internet.
We are the information security team at Yahoo, known as “The Paranoids”. Specifically, we are the Track, Search, and Rescue team: similar in purpose to an Incident Response team, but not a typical one.
We perform rescue operations to bring hosts and networks back from security emergencies; we search large quantities of data for trends and tactics to identify what needs to be rescued; and we track intruders in our network using traditional, modern, and experimental techniques.
If you like being in a high-pressure, high-performing environment with people who use proven techniques in these disciplines and also explore and apply experimental ideas, we have an incredible team-oriented group of like-minded individuals for you to join.
Individual team members focus on one of the three disciplines, creating new techniques designed to enhance our abilities and remain highly effective at an insanely chaotic scale. Team members also rotate into the other disciplines to understand the relationships between them and apply knowledge in both directions: bringing concepts from the primary discipline into the secondary ones, and bringing concepts from the secondary disciplines back into the primary.
Keywords (if you are searching for these terms, it’s likely this role will interest you): Incident Response, Data Analysis, Data Analytics, Incident Management, Forensics, Splunk, Hadoop, Spark, Machine Learning, Anomaly Detection, Behavioral Analytics, Blue Team, Defense, Intruder Detection, Intrusion Detection, Security Analyst, Threat Analysis, Threat Intelligence, APT
A Lot About You
Your Day
• Search for indicators that identify compromised hosts or employee accounts with an extremely low false-positive rate.
• Track attackers through hosts and networks, identify where they are headed next and get there first.
• Rescue insecure systems, provide feedback to organizations encouraging their good security behavior.
• Organize and manage projects to improve security identification and response.
• Participate in continual red/blue wargames.
• You know and use Linux distributions.
• Knowledge and experience in non-classic data center technology appreciated (Docker, Kubernetes, AWS).
• Identify necessary automation, create requirements and determine if we should buy, outsource inside Yahoo, or build within our team.
• Collaborate with other Paranoids teams:
• provide feedback for longer-term solutions to our emergency fixes
• provide TTPs to other Paranoid teams to enhance their abilities (including the Offensive team)
• work with Visibility to gain access to more data in productive ways
• Organize and participate in regular post-mortems to educate Paranoids and other business units.
• The Offensive team are our friends, but we will catch them before they get to their objectives.
What you bring
All team members must have proven communication skills and the ability to influence people and groups. In addition, we break the team into three disciplines and are looking for people who are strong in one discipline and flexible enough to work in the others as needed.
Rescue
Run rescue operations: effectively drive the resolution of high severity security issues by providing and overseeing remediation actions for our operations center, business units, and individuals.
Search
Search for indications of intrusion and compromise using all available data sources, automating every effective search technique so that it notifies ‘rescue’ directly. Use intelligence from ‘track’ to test new methods of identifying attacker behaviors on hosts and networks.
Track
Track intruders in our networks and hosts, identifying hosts they have accessed, actions they have performed, and predicting their objectives.
Desired skills
• 4+ years of track, search, and rescue experience.
• Computer Science, Computer Engineering, or similar degree, or related experience.
• Forensic expertise in disk, memory, and log analysis. GCFA, GCFE, GNFA, EnCase Examiner, ACE, or similar.
• Training in Incident Handling: GIAC GCIH or GCIA, or similar.
• Training in attacker techniques: CPT/CEH, GWAPT, GPEN, or similar.
• Programming experience in several of: Bash, Python, Perl, JavaScript, PHP.
• Large-scale data analysis experience with Splunk, Hadoop, R, Python, or similar.
• Experience with multiple searching methodologies: simple matching (IOCs), pattern identification (TTPs), and anomaly identification.
• Experience with IOC management tools: CRITs, MISP, or similar.
• Strong writing skills to define requirements for additional technologies and systems.