[TW EC] Sr. Technical Security Engineer

It takes powerful technology to connect our brands and partners with an audience of hundreds of millions of people. Whether you’re looking to write mobile app code, engineer the servers behind our massive ad tech stacks, or develop algorithms to help us process trillions of data points a day, what you do here will have a huge impact on our business—and the world.

With millions of users relying on us, we are a high-profile target for adversaries across all levels of our tech stack. Our mission is to protect our users and make our platform one of the safest places to shop online in Taiwan.
 

We are looking for a Security Engineer responsible for cloud security, SDLC security, and security planning for Taiwan E-Commerce.

Responsibilities

• Collaborate on secure software development processes, including defining security requirements, reviewing software architecture, reviewing code and providing vulnerability consultation.

• Conduct web security assessments and ensure compliance with standards such as PCI DSS.

• Develop and maintain scalable strategies and policies to secure TWEC's public cloud platforms.

• Drive company-wide adoption of cloud and compute security policies.

• Design and implement enhancements to identify security misconfigurations accurately. Conduct thorough security reviews and provide project consultation.

• Evaluate and manage vulnerabilities across cloud environments, prioritize remediation efforts, and ensure continuous monitoring of potential threats.

• Monitor, evaluate, and respond to security alerts and events. Handle and analyze incidents to support effective resolution.

• Identify security risks and recommend improvement plans to enhance resilience.

Minimum Qualifications

• BS/MS in a Science/Technology/Engineering/Mathematics related field or equivalent experience

• 3+ years of related experience

• Experience with application programming or devops and the overall software development life cycle

• Good knowledge of web security vulns and countermeasures, including the OWASP Top 10

• Familiarity with the security features and best practices of major cloud platforms, such as AWS and GCP.

• Good communication and collaboration skills to work with people from a variety of technical backgrounds 

Preferable Qualification

• Good Knowledge of container and cloud infrastructure security concepts.

• Good knowledge and hands on practice of Java, PHP, python or shell script. 

• Proficient in Linux and Windows server security management.

• Knowledge or experience with a broad array of security technologies, such as Firewall, WAF, SIEM, Endpoint Security and more.

• A personal commitment to continuous learning and self-development

Yahoo is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. Yahoo will consider for employment qualified applicants with criminal histories in a manner consistent with applicable law. Yahoo is dedicated to providing an accessible environment for all candidates during the application process and for employees during their employment. If you need accessibility assistance and/or a reasonable accommodation due to a disability, please submit a request via the Accommodation Request Form (

) or call . Requests and calls received for non-disability related issues, such as following up on an application, will not receive a response.

Yahoo has a high degree of flexibility around employee location and hybrid working. In fact, our flexible-hybrid approach to work is one of the things our employees rave about. Most roles don’t require specific regular patterns of in-person office attendance. If you join Yahoo, you may be asked to attend (or travel to attend) on-site work sessions, team-building, or other in-person events. When these occur, you’ll be given notice to make arrangements. 

If you’re curious about how this factors into this role, please discuss with the recruiter.

Currently work for Yahoo? Please apply on our internal career site.