2 days ago

Logo of Yelp

Senior Software Engineer, Security (Incident Detection and Response) (Remote - Canada)

$97k - $230k

Yelp

RemoteToronto, OntarioCanada

Summary Yelp engineering culture is driven by our values: we’re a cooperative team that values individual authenticity and encourages creative solutions to problems. All new engineers deploy working code their first week, and we strive to broaden individual impact with support from managers, mentors, and teams. At the end of the day, we’re all about helping our users, growing as engineers, and having fun in a collaborative environment. The Security Incident Detection and Response Team at Yelp is responsible for leading and managing Security Incident Response activities, actively managing and increasing detection precision, and providing advanced systems and tooling. This team is critical to improving Yelp’s detection and response capabilities which ensure the continued security and integrity of our data and systems. We’re looking for a Software Engineer, Security (Incident Detection and Response) to join Yelp’s globally expanding Security team and contribute to our efforts ensuring our cloud and corporate infrastructure, network, endpoints, and applications remain safe. This opportunity is fully remote and does not require you to be located in any particular area in Canada. We welcome applicants from throughout Canada. We’d love to have you apply, even if you don’t feel you meet every single requirement in this posting. At Yelp, we’re looking for great people, not just those who simply check off all the boxes. What youll do: Participate in incident response as a lead, investigator, and/or communicator throughout the lifecycle of a security incident. Develop automated tooling to recognize attacker TTPs (Tools, Tactics and Procedures) and IoCs (Indicators of Compromise). Design, develop, maintain, and operationalize monitoring, correlation, and alerting capabilities for Yelp’s corporate network, infrastructure, and applications to detect suspicious or anomalous behavior. Improve and enhance vulnerability detection and response capabilities. Help define policies and security best practices for IT, infrastructure, and other internal organizations and third-party integrations. Assist in performing threat modeling across business applications and infrastructure integrations. Exhibit the strong communication ability needed to enforce rigorous security standards, while always playing well with others and partnering with diverse stakeholders to advance Yelp’s goals. What it takes to succeed: Significant professional experience working to secure consumer websites, mobile applications, and/or large corporate IT infrastructure. Familiarity with malware analysis, network flow analysis, digital forensics, SOAR and SIEM platforms. Experience with modern threat intel (TIP) platforms. Experience in threat modeling, threat hunting, and/or vulnerability management. Software development experience in Python, JavaScript, Objective-C, or similar. Experience building custom tools and solutions to help mature monitoring, detection, and response capabilities, including automating manual processes. Passion for ensuring secure design review and educating others in security best practices. What youll get: Compensation range is $97,000-230,000 annually. Depending on your role and level, you may also be offered a bonus, restricted stock units, and benefits. This opportunity has the option to be fully remote in all locations across Canada. You can find more information about Yelps five star benefits here! Closing At Yelp, we believe that diversity is an expression of all the unique characteristics that make us human: race, age, sexual orientation, gender identity, religion, disability, and education — and those are just a few. We recognize that diverse backgrounds and perspectives strengthen our teams and our product. The foundation of our diversity efforts are closely tied to our core values, which include “Playing Well With Others” and “Authenticity.” We’re proud to be an equal opportunity employer and consider qualified applicants without regard to race, color, religion, sex, national origin, ancestry, age, genetic information, sexual orientation, gender identity, marital or family status, veteran status, medical condition, disability, or any other protected status. We are committed to providing reasonable accommodations for individuals with disabilities in our job application process. If you need assistance or an accommodation due to a disability, you may contact us at accommodations-recruiting@yelp.com or 1-415-969-8488. Note: Yelp does not accept agency resumes. Please do not forward resumes to any recruiting alias or employee. Yelp is not responsible for any fees related to unsolicited resumes. ## LI-Remote Recruiting and Applicant Privacy Notice


Participate in incident response as a lead, investigator, and/or communicator throughout the lifecycle of a security incident. Develop automated tooling to recognize attacker TTPs (Tools, Tactics and Procedures) and IoCs (Indicators of Compromise). Design, develop, maintain, and operationalize monitoring, correlation, and alerting capabilities for Yelp’s corporate network, infrastructure, and applications to detect suspicious or anomalous behavior. Improve and enhance vulnerability detection and response capabilities. Help define policies and security best practices for IT, infrastructure, and other internal organizations and third-party integrations. Assist in performing threat modeling across business applications and infrastructure integrations. Exhibit the strong communication ability needed to enforce rigorous security standards, while always playing well with others and partnering with diverse stakeholders to advance Yelp’s goals.


Significant professional experience working to secure consumer websites, mobile applications, and/or large corporate IT infrastructure. Familiarity with malware analysis, network flow analysis, digital forensics, SOAR and SIEM platforms. Experience with modern threat intel (TIP) platforms. Experience in threat modeling, threat hunting, and/or vulnerability management. Software development experience in Python, JavaScript, Objective-C, or similar. Experience building custom tools and solutions to help mature monitoring, detection, and response capabilities, including automating manual processes. Passion for ensuring secure design review and educating others in security best practices.