Shopify is looking for a security leader to help shape the future of trustworthy commerce for us and our 800,000+ merchants. Our Production Security team is responsible for three areas: Application Security, Mobile Security, and Infrastructure Security. We brought these three areas together as Shopify’s migration to Google Cloud happened last year, so that these teams could together build trust across our platform and products.
We are looking for a Director of Security Engineering to lead these teams and provide technical security advice as a stakeholder on projects deployed across the company. Shopify needs someone with experience securing web applications and/or infrastructure at scale, growing highly technical teams, and supporting secure engineering practices in a fast-paced development environment. Beyond the technical requirements, we need a director who cares about the people they lead, and who approaches security with empathy for Shopify's ambitions.
We know that this is a lot to ask, and we aren’t expecting that you have deep experience in all of the areas covered by our Production Security team in order to apply. We’ve mapped out some of our thoughts on this role in this diagram, and you can hear more about the role of Trust & Security at Shopify in this video from our VP Andrew Dunbar.
If your background is more aligned with Application Security, we’d like you to have some of the following experience:
-- Setting up and/or running a bug bounty program.
-- Securing a multi-tenant web application.
-- Performing web application penetration testing using all resources at your disposal, especially source code.
-- Building tooling to help developers deploy secure software.
-- Triaging and resolving security vulnerabilities in the application layer.
-- Developing web or mobile applications.
-- Conducting application design reviews and building security solutions.
And if you’re more well-versed in Infrastructure Security, we’re looking for some of this experience in your background:
-- Building technical security systems in a cloud environment.
-- Securing containerized applications using technologies such as Docker or Kubernetes.
-- Creating RBAC policies in a CI/CD environment.
-- Understanding Linux systems primitives, and employing them in a security context.
-- Patching and vulnerability management at the systems level.
We know that looking for a new role can be both exciting and time-consuming, and we truly appreciate your effort. Marina is an actual real live person ( 👋) and is looking forward to learning more about you through your application.
And remember, we want to know what you're really interested in building and why you want to build it at Shopify, so please give us as much detail on this as you'd like in your cover letter - we do love a good story. 👍🏼📖
This posting will close on Friday October 11 at 12pm EDT.
At Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities.
We’re not just an ecommerce software, Shopify is the best ecommerce platform that has everything you need to sell online, on social media, or in person.