Information Security Engineer (Remote)

We’re looking for an Information Security Engineer to join Yelp’s globally expanding Security team to help keep our infrastructure, network, endpoints, and applications safe.   

Are you someone who’s passionate about the challenging area of enterprise security? Do you thrive in an environment that bridges technical and business requirements to meet security needs? As an InfoSec Engineer, you’ll work on improving our security posture and capabilities. Together with our awesome security engineers, you’ll partner with technology and business leads to understand their objectives, identify threats, and efficiently secure enterprise systems at scale. You’ll also partner with internal stakeholders to help architect Yelp’s future risk management, security education, and network security systems.

This opportunity requires you to be located in the United Kingdom.

We’d love to have you apply, even if you don't feel you meet every single requirement in this posting. At Yelp, we’re looking for great people, not just those who simply check off all the boxes.

Where You Come In:

• Work closely with teams across the organization (particularly IT, Tech Sourcing, and Legal) to implement proactive security measures.
• Implement technical controls to reduce risk in the corporate environment.
• Identify vulnerabilities through assessments, working with internal partners to remediate Yelp’s environment.
• Set policies and best security practices for IT and other internal organization and third-party integrations.
• Help perform threat modeling across business applications and infrastructure integrations.
• Work with others on endpoint security to ensure the machines in use are secure.
• Conduct routine phishing and Information Security campaigns to increase users’ awareness of social engineering attacks and provide periodic reporting on such.
• Develop appropriate metrics (key risk and performance indicators) to measure the monitoring program and related process.
• Research emerging security threats and propose additional components and techniques that could be used to proactively detect and prevent malicious activity.

What It Takes to Succeed:

• Professional experience in large enterprise environments or working to secure enterprise applications, risk management, or supply chain risk.
• Basic skills in Python, Javascript, Java, PHP, or C++.
• Ability to perform threat and vulnerability assessments and provide subject matter expertise on appropriate threat mitigation.
• Experience improving threat detection using network or endpoint system capabilities.
• BS or MS in Computer Science, Engineering, or a related technical discipline, or equivalent experience.

What You'll Get:

• Full responsibility for projects from day one, a collaborative team, and a dynamic work environment.
• Competitive salary with equity in the company, a pension scheme, and an optional employee stock purchase plan.
• 25 days paid holiday (rising to 29 with service), plus one floating holiday.
• £150 monthly reimbursement to help cover remote working expenses.
• £75 caregiver reimbursement to support dependent care for families.
• Private health insurance, including dental and vision.
• Flexible working hours and meeting-free Wednesdays.
• Regular 3-day Hackathons, bi-weekly learning groups, and productivity spending to support and encourage your career growth. 
• Opportunities to participate in digital events and conferences.
• £56 per month to use toward qualifying wellness expenses.
• Quarterly team offsites.