Security Engineering Lead - Mobile Applications

Ottawa, Canada

Full-time


Android Ruby React TypeScript Swift C Java Kotlin GraphQL

No further applications

Shopify employees make commerce better for our 800,000+ merchants every day. This includes securing every aspect of Shopify, from storefront to the Admin panel to our mobile applications. Business happens wherever our merchants happen to be - folks no longer find themselves tethered to any particular device and all our applications require the same level of care.

If you're an application security engineer who dives deep on mobile-specific security OR a mobile developer who is constantly seeking ways to make your code more secure, we'd love to hear from you! There's a huge diversity of work to be done on the team, from helping identify and respond to application vulnerabilities to developing tools to integrate security into our mobile development process.

You'll need to have:

  • iOS development experience. You’ve built native mobile applications for iOS in Objective C or Swift
  • A collaborative approach to security. You understand that developers are building great products and want to help make those products be even better
  • An eye for edge cases. You see potential vulnerabilities when reviewing mobile application architecture and design roadmaps and offer detailed suggestions to secure them
  • Thorough knowledge of mobile security issues. You’ve built a library in your mind of common issues, and continually learn more about new applications and issues
  • An inherent creativity and curiosity. You don’t believe in forcing a new problem into an old solution, and want to find creative ways to include security in the software development process

It'd be great if you also had:

  • Experience leading a team
  • Experience building native mobile applications for Android in Java or Kotlin
  • Back-end web application development knowledge, especially with Ruby on Rails
  • Experience with IDEs Xcode and Android Studio
  • Experience with C++, React, Javascript and TypeScript, GraphQL
  • Work with bug bounty programs (like our program, for instance: https://hackerone.com/shopify)

You'll be working on things like:

  • Establishing and driving the mobile security roadmap for Shopify
  • Leading and mentoring a small team of mobile security engineers
  • Working on projects to improve account security and abuse detection on the Shopify platform
  • Acting as a trusted security advisor to the mobile development teams at Shopify
  • Performing security reviews, including code reviews, and guiding developers on how to ship features securely
  • Developing tools to help scale the mobile security assessment process
  • Responding to vulnerabilities disclosed through our bug bounty program (check-out this report as an example https://hackerone.com/reports/637194)
  • Providing security advice to our Retail product teams

We know that applying to a new role takes a lot of work and we truly value your time. Marina is looking forward to reading your application and hearing why you feel this role is right for you!

This posting will close on September 20 2019 at 12pm EDT.

At Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities.

We’re not just an ecommerce software, Shopify is the best ecommerce platform that has everything you need to sell online, on social media, or in person.