Software Engineer - Infrastructure Security (Remote)

Yelp, Vancouver, British Columbia, Canada

Connecting people with great local businesses

Yelp is looking for an authentic, tenacious, unboring software engineer  - who plays well with others and always protects the source! - to join our growing Infrastructure Security team.

By joining this group, you will have a tremendous impact to improve Yelp’s security posture, safeguard our users’ data, and keep our cloud-based systems safe from abuse and security exploits.

Infrastructure Security is responsible for data security, cloud (AWS) security, access controls, secrets management, and related systems/services within Yelp’s production environment.

If you are familiar with the DevSecOps paradigm, we consider this role to represent a superset of “security as code” best practice. You will champion and facilitate DevSecOps adoption across the organization, but you will also dive deeply into specific software development projects intended to secure high value components of Yelp’s infrastructure.

We’d love to have you apply, even if you don’t feel you meet every single requirement in this posting. At Yelp, we’re looking for great people, not just those who simply check off all the boxes.

This opportunity is fully remote and does not require you to be located in any particular region. We welcome applicants from throughout British Columbia.

Where You Come In:

  • Develop and deploy security-related components of Yelp’s cloud, data processing systems, and related infrastructure.
  • Create and validate access control policies for Yelp systems using state of the art authentication and authorization techniques, including implementation of technical controls for monitoring and enforcement.
  • Automate all the things - especially security testing and validation of production systems.
  • Define policy and best practices for security of our infrastructure, cloud, and data resources based on evolving technology and industry standards.
  • Evangelize Security and collaborate across the Engineering and Product organizations.
  • Monitor our network, applications, and infrastructure using the latest intrusion detection and automation tools.
  • Participate in oncall and incident response on an as needed basis.

What It Takes to Succeed:

  • Background in software engineering and ability to code.
  • Ideally, 1-5 years of software development experience in the security domain, with security implications, or with an attendant passion for security.
  • Some experience with incident response, oncall responsibilities, and/or digital forensics. 
  • Excellent written and verbal communication skills.
  • BS or MS in Computer Science, Engineering, or a related technical discipline, or equivalent experience.
  • Experience with languages like Python, Java, JavaScript, Puppet, etc.


  • Background in public cloud deployment or operations, especially with AWS.
  • Experience with Intrusion Detection Systems (IDS): their design, implementation, benchmarking, and related strategies.
  • Deep knowledge of IAM tools, techniques, and related best practices.
  • Experience in data security: access control, governance, PII control/detection, etc.
  • Prior experience in DevOps, DevSecOps, Site Reliability, Systems Administration, etc.

About Yelp

Yelp connects people with great local businesses. Our users have contributed approximately 127 million cumulative reviews of almost every type of local business, from restaurants, boutiques and salons to dentists, mechanics, plumbers and more. These reviews are written by people using Yelp to share their everyday local business experiences, giving voice to consumers and bringing “word of mouth” online.

Want to learn more about Yelp? Visit Yelp's website.