Job Overview
Yelp engineering culture values individual authenticity and creative problem-solving. As a member of the team, you will be responsible for leading security incident response activities.
Main Responsibilities:
* Participate in incident response as an incident commander, investigator, and/or coordinator throughout the lifecycle of a security incident.
* Conduct hands-on digital forensics (macOS, Linux, Windows) and reverse engineering/malware analysis.
* Develop automated tooling to recognize attacker TTPs (Tactics, Techniques, and Procedures) and IoCs (Indicators of Compromise).
* Design, develop, maintain, and operationalize monitoring, correlation, and alerting capabilities for corporate networks, infrastructure, and applications to detect suspicious or anomalous behavior.
* Enhance vulnerability detection and response capabilities.
* Perform threat hunting and red teaming activities across business applications and infrastructure integrations.
* Communicate effectively to enforce rigorous security standards while upholding Yelp's value of collaboration.
Requirements:
* Significant experience working to secure consumer websites, mobile applications, and/or large corporate IT infrastructure.
* Proficiency in reverse engineering/malware analysis, network flow analysis, and digital forensics to collect and analyze evidence from compromised systems.
* Proficiency with SOAR and SIEM platforms.
* Knowledge of modern threat intel platforms.
* Experience in threat modeling, threat hunting, and/or vulnerability management.
* Software development skills in Python, JavaScript, Objective-C, or similar languages.
* Ability to build custom tools and solutions to mature monitoring, detection, and response capabilities, including automating manual processes.
* Passion for ensuring secure design review and educating others in security best practices.