Manager, Application Security Engineering (Remote, Americas)
| Location | Americas |
| Team | Trust and Security |
About the role
The Application Security team discovers and fixes security vulnerabilities in Shopify's products through sources such as internal security assessments and Shopify's public bug bounty program. The team then develops tooling, static analysis checks, and low-level fixes to prevent future vulnerabilities.
Our Application Security team is broken down into three key focus areas:
Proactive Security
Our Proactive Security team manually reviews key applications, develops tools to automatically keep dependencies up to date, deploys static analysis tooling to identify vulnerabilities, provides dashboards to help development teams prioritize security issues, and teaches developers how to identify security issues in their own applications.
Bug Bounty
Shopify runs one of the world's largest bug bounty programs. Our Bug Bounty team continuously improves the program by adding new applications into scope, organizing "live hacking" events, and building tools that streamline our triage process and reduce the time needed to remediate vulnerabilities.
Ecosystem Security
Many external developers use Shopify's API to build things, and merchants expect these integrations to be secure. We build scanning tools to verify that integrations meet our security requirements and automatically notify developers when issues need to be corrected. We also scan for API tokens that have been inadvertently published to sites such as GitHub.
We are looking for leaders to manage our Proactive Security team. If you’re an experienced, people-focused engineering lead, and you’re excited about growing people and teams to help protect our merchants, this role is for you!
You will:
Grow the team both through mentoring, acting as a subject matter expert to a team of ICs, and external hiring
Help define the long-term vision of application security at Shopify and rally the team around and towards this vision
Help to roadmap and decompose our vision into granular milestones and projects; aid the team in getting from vision to reality
Own team and technical decisions; demonstrate high quality judgment and help drive team consensus
Build, leverage, and own cross-line and organization relationships
Qualifications
To be successful in this role you will need to:
Be curious
Be empathetic
Possess the technical experience necessary to mentor your team and improve processes
Have demonstrated experience of successfully leading and growing teams
Have a passion for growing people on your teams from junior into senior roles
Be accountable for and driving the execution of your team
Be committed to creating high quality, low-friction, automated (where possible) solutions to help safeguard and champion for the security of our merchants
It would be great if you had experience:
Setting up and/or running a bug bounty program
Securing a multi-tenant web application
Performing web application penetration testing using all resources at your disposal, especially source code
Building tooling to help developers deploy secure software
Triaging and resolving security vulnerabilities in the application layer
Conducting application design reviews and building security solutions
Developing web or mobile applications
Interested in applying? Check out Publicly disclosed issues from Shopify's Bug Bounty program and Updates on Shopify’s Bug Bounty Program
Shopify is now permanently remote, and we’re working towards a future that is digital by design. That location you see above? Consider it merely an example of hundreds of potential locations Shopify is hiring. Learn more here: https://www.shopify.com/careers/work-anywhere
Our belief is that a strong commitment to diversity & inclusion enables us to truly make commerce better for everyone. We encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and/or people with intersectional identities. Please take a look at our Sustainability Reports to learn more about Shopify’s commitments to our communities, and our planet.
At Shopify, we understand that experience comes in many forms. We’re dedicated to adding new perspectives to the team - so if your experience is this close to what we’re looking for, please consider applying.
How we hire
Not what you’re looking for?Check out these similar roles.
| Position | Team | Location |
|---|---|---|
| Infrastructure Security Engineering/Development Manager (Remote, Americas) | Trust and Security | Americas |
| Senior Technical Project Manager | Trust and Security | Americas |
| Manager, Fraud Operations | Trust and Security | Americas |
| Senior Application Security Engineer (EST) | Trust and Security | Americas |
| Infrastructure Security Engineer | Trust and Security | Americas |
| Engineering Program Manager - Trust Assurance, Compliance (remote, Americas) | Trust and Security | Americas |
| Engineering Program Manager - Zero Trust Security (Remote, Americas) | Trust and Security | Americas |
| Privacy Engineering Program Manager - Trust Partnerships (remote, Americas) | Trust and Security | Americas |
| Engineering Program Manager - Trust Partnerships (Remote, Americas) | Trust and Security | Americas |
| Security Team Lead, Shopify Plus - Trust Partnerships (Remote, North America) | Trust and Security | Americas |
