About the role
Trust & Security spans a broad scope at Shopify. Regardless of the team we work on, we approach our work with two goals in mind: (1) reducing our teammates’ toil with software and (2) safeguarding our 600K+ merchants’ livelihoods. Ultimately, we want to enable Shopify to innovate quickly in our default to open culture while maintaining a robust security posture -- it’s not about creating a perfect solution that will never change or evolve. We encourage people to push beyond a narrow scope and constantly iterate here, with the freedom and support to try new ideas and approaches.
The thing is, choosing the right role can be really tricky when you don’t know the inner workings of a particular team at a given company. And when you've only been in your career a few short years, it can be difficult to find or know exactly what it is that you want to work on. Finding a team with great mentors and the opportunity to learn and grow your skills can seem like a job in and of itself!
With all this in mind, we thought we’d outline some of the engineering work being done on different teams within Trust & Security here at Shopify and open the floor to you. Take a look at the descriptions below and if one (or more) pique your interest, we’d love to hear from you!
Application Security 💻🔒
If you care a lot about securing products used by millions of people the world over, and want to focus your attention on elements such as account security, vulnerability assessments, and partnering with engineering teams to make their products more trustworthy, this might be the team for you!
Tools Development🛠 🔒
Think developer tools, but for your direct teammates on the Trust and Security Team! If you’re keen to build everything from scanners to detect all manner of nastiness, to tools that increase visibility into our networks, to automated reputation monitoring systems, you might have just found your next work-home.
Internal Security 📥🔒
You love digging into a spaghetti mess of systems and bringing more order to the organised chaos. If you are motivated to bring clarity and security to how different systems interact with each other through the software you build, internal security might be the place for you.
- Building software for securing our environments with code that is fast, well-tested, and well-documented.
- Fixing bugs fast and taking the time to solve hard problems well.
- Automating away security concerns.
- Collaborating with other developers and security SMEs.
Requirements for the role:
- An interest in security. Even if you’ve never worked on a security team before, you’re keen to stay up-to-date with the latest vulnerability disclosures, watch conference talks when you can, and/or have played CTFs/war games, worked with bug bounties, or solved similar security puzzles.
- Deep development experience. You’ve spent several years building tools and features that scale with a growing company.
- A love of learning. You are always driven to learn something new and try your best to stay on top of new information.
- Empathy for your teammates and the people using what you’ve built. You understand how your work impacts those around you, and take great care in communicating the “why”.
- A systems-thinking approach. You have a knack for understanding how systems interact and how changes to one element affect the whole.
- A strong aversion to repetitive tasks. If you’ve worked on the same thing twice, you immediately start thinking of a way to automate that task away.
- Keeping a bird’s eye view. You can prioritize the most important project(s) when faced with competing responsibilities.
- Contributing to open source security projects.
- Using log aggregation technologies and tools (Splunk, ELK stacks, etc).
- Interest in and/or experience with a few programming languages, though most of your day-to-day will be done in Ruby, Python, or Go.
- Experience with any of the following: Docker, Kubernetes, Cloud Infrastructure systems, SSO protocols, MySQL, MVC server-side framework...
We know that looking for a new role can be both exciting and time-consuming, and we truly appreciate your effort. Krystle is an actual real live person (👋🏻) and is looking forward to learning more about you.
And remember, we want to know what you're really interested in building and why you want to build it at Shopify, so please give us as much detail on this as you'd like in your cover letter - we do love a good story. 👍 📖
|Security Incident Response Lead||Trust & Security||Ottawa, Canada|
|Choose your own Security Engineering adventure||Trust & Security||Toronto, Canada|
|Director of Production Security||Trust & Security||Ottawa, Canada|
|Lead Software Engineer - Product Security||Trust & Security||Ottawa, Canada|
|Senior Technical Security Analyst||Trust & Security||Ottawa, Canada|
|Software Engineer - Mobile Security||Trust & Security||Ottawa, Canada|
|Lead Software Engineer - Product Security||Trust & Security||Toronto, Canada|
|Software Engineer - Mobile Security||Trust & Security||Toronto, Canada|
|Software Engineer - Mobile Security||Trust & Security||Montreal, Canada|
|Director of Production Security||Trust & Security||Toronto, Canada|
|Lead Software Engineer - Security||Trust & Security||Toronto, Canada|
|Lead Software Engineer - Security||Trust & Security||Ottawa, Canada|