About the role
Shopify's Trust & Security team is looking for a Director of Production Security. But what does that actually mean? Rather than draft a traditional job posting, we thought we would share our ideas for this role here. Admittedly this is a lot, and we're not expecting everything! While you mull this over, here's some background on how we got here:
Rewind 2 years! We had an Infrastructure Security team and an Application Security team. Our InfraSec team focused on platform hardening and incident response, across all manners of infrastructure. Our AppSec team was InfraSec's complement, focused on anything above the server layer, including vulnerability management, promoting secure development across Shopify, and implementing security features in our product.
Fast forward to 2018, and the line between these two layers has blurred, especially with our move towards Google Cloud. Both AppSec and InfraSec live in code, and it made sense to bring these two teams together.
Our Production Security team's mandate is to build trust across our platform and products, and we need your help. We need a Director who leads people, and who understands the complexity of securing a multi-tenant product, all while remaining empathetic to Shopify's ambitions and scale.
We'd love to hear what you would bring to this role, and look forward to reading your application!