Job Description
As Yahoo, our brands help people stay informed and entertained, communicate and transact, while creating new ways for advertisers and partners to connect. With technologies like XR, AI and machine-learning we’re transforming media for tomorrow, too. We're creators and coders, dreamers and doers creating what's next in content, advertising and technology.
About Our Team
When you impact millions of people every day, you become a large target for adversaries of all types within all layers of the stack. Our job is to keep our users safe and make Yahoo one of the safest places on the Internet. We are the information security team at Yahoo, known as "The Paranoids".
Responsibilities
As a Paranoids Product Security Engineer, you have the opportunity to guide secure development for a product area and, in addition, to own and drive secure development initiatives affecting the overall enterprise.
Activities include the following:
- Independently lead application and mobile security assessments, from design to deployment, for key enterprise products.
- Drive threat modeling and risk assessments for high-impact systems, guiding engineering teams through secure design trade-offs.
- Partner with developers to embed security into build and release pipelines, and identify opportunities for automation.
- Develop and maintain internal security tooling and reusable frameworks to scale security across teams.
- Lead the remediation of critical vulnerabilities and help coordinate with incident response when needed.
- Mentor other security engineers and advocate for secure development practices across product and engineering teams.
- Collaborate cross-functionally with cloud security, infrastructure, and compliance teams to ensure holistic protection of applications and data.
- Stay informed on emerging threats, frameworks, and technologies, and proactively improve security posture through innovation.
- 5 years of experience in application or product security, with demonstrated impact securing large-scale web and/or mobile applications.
- Deep understanding of secure application architecture, including authentication, authorization, encryption, and data protection across distributed systems.
- Proven hands-on experience performing threat modeling, secure design reviews, and code assessments for complex applications and APIs.
- Strong technical knowledge of web technologies (HTTP, TLS, CSP, cookies, OAuth, JWTs, GraphQL, REST APIs) and mobile security (iOS/Android app security models, keychains, secure storage, code obfuscation).
- Proficiency using and integrating application security tooling (SAST, DAST, IAST, dependency scanning, container scanning) into CI/CD pipelines.
- Practical experience with vulnerability triage and remediation workflows — coordinating across engineering teams to ensure timely fixes.
- Hands-on skills in at least one backend or systems programming language (e.g., Go, Java, Python, C#) and one frontend or mobile language (e.g., JavaScript/TypeScript, Swift, Kotlin).
- Experience contributing to or automating security testing and validation in continuous integration environments.
- Strong ability to communicate security risks and solutions clearly to engineers, managers, and non-technical stakeholders.
- Track record of driving security improvements across teams — through frameworks, documentation, training, or developer engagement.
- Experience designing and maintaining secure frameworks or libraries used by multiple engineering teams.
- Familiarity with cloud-native application security (AWS/GCP/Azure), identity and access management, and secrets management.
- Experience leading or mentoring junior engineers in secure coding, threat modeling, and vulnerability management.
- Background with mobile application hardening, anti-tampering, and reverse engineering defenses.
- Understanding of supply chain security, including dependency management and integrity verification.
- Contributions to open-source security tools, security research, or industry standards bodies.
- Certifications such as GWEB, GWAPT, OSWE, or CSSLP a plus, but not required.
Yahoo has a high degree of flexibility around employee location and hybrid working. In fact, our flexible-hybrid approach to work is one of the things our employees rave about. Most roles don’t require specific regular patterns of in-person office attendance. If you join Yahoo, you may be asked to attend (or travel to attend) on-site work sessions, team-building, or other in-person events. When these occur, you’ll be given notice to make arrangements.
If you’re curious about how this factors into this role, please discuss with the recruiter.
Currently work for Yahoo? Please apply on our internal career site.

