Posted: 15 June
The role
JOB DESCRIPTION
Summary
Yelp engineering culture is driven by our : we’re a cooperative team that values individual authenticity and encourages creative solutions to problems. All new engineers deploy working code their first week, and we strive to broaden individual impact with support from managers, mentors, and teams. At the end of the day, we’re all about helping our users, growing as engineers, and having fun in a collaborative environment.
Yelp’s Application Security team protects Yelp's users, services, and applications, supporting both internal engineering teams and external consumers and businesses every day. This ranges from internal security tools like SAST to supporting our public bug bounty program. As a member of this team, you will partner with engineers across mobile, frontend, and backend to build secure-by-default and paved-path frameworks that scale with Yelp's growing product surface.
We’re seeking an Application Security Engineer to help safeguard our applications and services from emerging security threats. In this role, you’ll have the opportunity to make a meaningful impact on the security of products used by millions of people every day. You’ll work closely with engineers across the company to build secure-by-default systems and ensure security is woven into every stage of development.
At Yelp, we value authenticity, creativity, and collaboration. You’ll deploy code in your first week and continue to make meaningful contributions with the support of your manager, mentor, and teammates. Our mission is to build trust with our users by delivering secure, reliable products—while growing as engineers and having fun along the way.
This opportunity requires you to be located in the United Kingdom. We’d love to have you apply, even if you don’t feel you meet every single requirement in this posting. At Yelp, we’re looking for great people, not just those who simply check off all the boxes.
What you'll do:
Collaborate with cross-functional engineering teams (mobile, frontend, backend) to perform threat modeling, conduct security reviews, and design secure libraries that enhance the security of Yelp’s applications and services.Develop and deploy services for login and account security specific to Yelp’s website and mobile apps.Support security incident response and contribute to the team’s operational activities, including triaging bug bounty submissions and vulnerability reports from internal security tools.Build automated solutions to detect and prevent potential security threats within Yelp’s application and services.Evangelize security best practices and policies to be incorporated within software development life cycle.Be a team player who lives the Yelp Values and thrives in a diverse and inclusive work culture.What it takes to succeed:
You are a software generalist with an interest in application security.Several years of software engineering experience in application security.Strong understanding of web application security, Mobile security, APIs, and cloud security.Familiarity with common vulnerabilities (OWASP Top 10).Command of your favorite modern programming language (Python, Java, Javascript - React, Swift and/or Objective-C).Security research and pen testing experience are assets.Comfort reading and navigating unfamiliar codebases.What you'll get:
Full responsibility for projects from day one, a collaborative team, and a dynamic work environment.Competitive salary, a pension scheme, and an optional employee stock purchase plan.25 days paid holiday (rising to 29 with service), plus one floating holiday.£150 monthly reimbursement to help cover remote working expenses.£75 caregiver reimbursement to support dependent care for families.Private health insurance, including dental and vision.Flexible working hours and meeting-free Wednesdays.Regular 3-day Hackathons, bi-weekly learning groups, and productivity spending to support and encourage your career growth. Opportunities to participate in digital events and conferences.£75 per month to use toward qualifying wellness expenses.Quarterly team offsites.Closing
