SSL Governance Engineer
Paranoids NAI
When you impact millions of people every day, you become a large target for adversaries of all types within all layers of the stack. Our job is to keep our users safe and make Yahoo one of the safest places on the Internet.
We are the information security team at Yahoo; known as "The Paranoids".
As a Cookie Governance Engineer on the Network, Access and Identity (NAI) team, you will work closely with product and application developers as well as the Privacy team to design, review, and operate cookie behaviors that meet policy and technical standards. You will maintain the cookie registry, validate attributes and scopes, and contribute to identity‑safe patterns that strengthen Yahoo’s overall access posture.
Ideal Candidate
Highly responsible, self-motivated, individual with leadership skills
Results oriented persona with the ability to adapt to a constantly changing technical environment
Energetic and fast paced individual who thrives in a high growth, entrepreneurial environment
Excellent organizational and follow up skills
Excellent interpersonal, written and verbal communication skills
Coordinate with the Privacy team for legal review of purpose, category, retention, and consent mapping; incorporate their guidance into technical controls and documentation.
Work with identity/security engineers on standards for ‘Set-Cookie’ semantics at origin, edge, and app layers; align CI/CD checks and rollout plans.
Automate audit capabilities wherever possible.
4-year degree in a technical discipline
2–4 years in web platform/security/identity and hands-on HTTP work.
Proficiency with HTTP cookies and browser policies (‘Secure’, ‘HttpOnly’, ‘SameSite’, ‘Domain’/‘Path’, expiry/TTL).
Knowledge of compliance requirements such as PCI, GDPR, HIPAA, SOX for Identity and Network compliance
Experience with data visualization and dashboarding - Databricks preferred but any system will do!
Strong understanding of tooling/AI to conduct audits at scale.
Experience with CDNs or other edge services
Ability to work with our technologies preferred: Google Suite, Macs, Jira, Confluence, Slack etc.
Yahoo is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. Yahoo will consider for employment qualified applicants with criminal histories in a manner consistent with applicable law. Yahoo is dedicated to providing an accessible environment for all candidates during the application process and for employees during their employment. If you need accessibility assistance and/or a reasonable accommodation due to a disability, please submit a request via the Accommodation Request Form (www.yahooinc.com/careers/contact-us.html) or call +1.866.772.3182. Requests and calls received for non-disability related issues, such as following up on an application, will not receive a response.
Yahoo has a high degree of flexibility around employee location and hybrid working. In fact, our flexible-hybrid approach to work is one of the things our employees rave about. Most roles don’t require specific regular patterns of in-person office attendance. If you join Yahoo, you may be asked to attend (or travel to attend) on-site work sessions, team-building, or other in-person events. When these occur, you’ll be given notice to make arrangements.
If you’re curious about how this factors into this role, please discuss with the recruiter.
Currently work for Yahoo? Please apply on our internal career site.