Information Security Engineer
Yelp is looking for an Information Security (InfoSec) Engineer to keep us safe and sane as our team expands to numerous offices around the world. It's an opportunity to have impact and broad scope protecting Yelp's corporate infrastructure, employees, and systems across multiple site locations.
As an InfoSec Engineer, you will work on improving our threat detection & response capabilities. Our awesome corporate security engineers bring a software engineering mindset to security, and build automated systems for DFIR that work at scale. You will also partner with our corporate infrastructure and IT teams to help architect our future authentication, identity management, and network security systems.
What You Will Do:
- Lead threat modeling, mitigation discovery, and manual/automated verification of mitigations.
- Build tools and infrastructure for automating incident response.
- Set policies & best security practices for IT, Infrastructure, and other internal organizations and third party integrations.
- Create, validate and audit access control policies for Yelp systems.
- Lead security education across the organization.
- Participate in incident response, and forensics collection and analysis.
- Coordinate resolution of security issues with other Engineering and IT teams.
- Develop monitoring and alerting capabilities for Yelp internal security systems.
- Collaborate with teams inside of Yelp to deploy new security-related tools and processes across the organization.
We Are Looking For:
- At least 2 years of professional experience working to secure consumer websites, mobile applications, or large corporate IT infrastructure is a requirement.
- Exposure to digital forensics and incident response.
- Corporate network penetration testing experience.
- Passion for educating others about security best practices.
- Participation in 24/7 incident response is required.
- BS or MS in Computer Science, Engineering, or a related technical discipline, or equivalent experience.
- Experience with PCI, SOX, and avoiding draconian compliance regimes.
- Experience conducting third party assessments of software vendors and SaaS apps.
- Threat hunting experience in large corporate infrastructure environment.
- Windows, macOS or Linux administration experience.
- Security certifications, such as CISSP.
Back to top