About the role
We’re looking for a curious and detail-oriented individual to join Shopify’s Trust & Security Team as a Technical Security Analyst for our Vulnerability Management program.
As part of the Trust Assurance team in Trust, you’ll be a key player in building and operating the vulnerability management program that governs Shopify’s platform and products. In this role you’ll have the autonomy to discover, analyse and solve security issues at scale. You’ll work with security, engineering and product teams to resolve security vulnerabilities in our technology and platform.
Here’s what you can expect from the role - an opportunity to:
Conduct security assessments on Shopify’s systems and third party software.
Run vulnerability scans on Shopify’s infrastructure.
Work with service providers to conduct external security testing.
Analyze security findings with the goal of risk identification.
Document the work in a way that scales for compliance programs.
Collaborate with other security and engineering teams to remediate vulnerabilities.
Maintain and grow the vulnerability management technology and tooling.
Requirements for the role:
Hands-on experience performing vulnerability scans usings tools like Nessus, Rapid 7, Qualsys, OpenVas, etc.
Experience building and maintaining vulnerability management programs in cloud based environments.
Experience customizing vulnerability scanning programs based on risk profiles and business needs.
Experience analyzing and ranking vulnerability scan results.
Experience interacting with system owners to fix or remediate vulnerability scan findings.
It would be great if you had experience in one or more of the following (don’t stress, we are not expecting experience in all of the following!):
Understanding of information security fundamentals.
Understanding of cloud technologies, containerized environments and infrastructure as code.
Experience collaborating with compliance teams and familiarity with compliance programs such as SOC 2, SOX, PCI, etc.
Understanding of DevOps, CI/CD GitHub and CI/CD practices..
Building and deploying automation to simplify security and IT practices.
Identifying, tracking and remediating security risk.
Researching and using data analysis to identify security threats.
Experience with Google Cloud Platform.
If you want to help Shopify shape the future of commerce, hit the “Apply now” button to submit your application. We know that applying to a new role takes a lot of work and we truly value your time. Make sure you answer these question when applying:
What are the biggest differences and challenges in implementing and maintaining a vulnerability management process in a cloud environment (including containers)?
At Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities. Please take a look at our 2020 Sustainability Report to learn more about Shopify's commitments.
How we hire
Not what you’re looking for?Check out these similar roles.
|Senior Application Security Engineer (EST)||Trust and Security||Americas|
|Recovery Specialist||Trust and Security||Americas|
|Security Engineering Program Manager, Trust||Trust and Security||Americas|
|Infrastructure Security Engineer||Trust and Security||Americas|
|Infrastructure Security Engineering/Development Manager (Remote, Americas)||Trust and Security||Americas|
|Staff Infrastructure Engineer (Remote, Americas)||Trust and Security||Americas|
|Senior Manager, Security Culture Awareness & Education||Trust and Security||Americas|
|Senior Manager, Security Culture Awareness and Education||Trust and Security||
Seattle, United States