Vulnerability Management, Technical Security Analyst

Job post summary
Location Americas
Team Trust and Security

About the role

We’re looking for a curious and detail-oriented individual to join Shopify’s Trust & Security Team as a Technical Security Analyst for our Vulnerability Management program. 

As part of the Trust Assurance team in Trust, you’ll be a key player in building and operating the  vulnerability management program that governs Shopify’s platform and products. In this role you’ll have the autonomy to discover, analyse and solve security issues at scale. You’ll work with security, engineering and product teams to resolve security vulnerabilities in our technology and platform.

Here’s what you can expect from the role - an opportunity to:

  • Conduct security assessments on Shopify’s systems and third party software.

  • Run vulnerability scans on Shopify’s infrastructure. 

  • Work with service providers to conduct external security testing.

  • Analyze security findings with the goal of risk identification.

  • Document the work in a way that scales for compliance programs.

  • Collaborate with other security and engineering teams to remediate vulnerabilities.

  • Maintain and grow the vulnerability management technology and tooling.

Qualifications

Requirements for the role:

  • Hands-on experience performing vulnerability scans usings tools like Nessus, Rapid 7, Qualsys,  OpenVas, etc.

  • Experience building and maintaining vulnerability management programs in cloud based environments.

  • Experience customizing vulnerability scanning programs based on risk profiles and business needs.

  • Experience analyzing and ranking vulnerability scan results.

  • Experience interacting with system owners to fix or remediate vulnerability scan findings.

It would be great if you had experience in one or more of the following (don’t stress, we are not expecting experience in all of the following!):

  • Understanding of information security fundamentals.

  • Understanding of cloud technologies, containerized environments and infrastructure as code.

  • Experience collaborating with compliance teams and familiarity with compliance programs such as SOC 2, SOX, PCI, etc.

  • Understanding of DevOps, CI/CD GitHub and CI/CD practices..

  • Building and deploying  automation to simplify security and IT practices.

  • Identifying, tracking and remediating security risk.

  • Researching and using data analysis to identify security threats. 

  • Experience with Google Cloud Platform.

If you want to help Shopify shape the future of commerce, hit the “Apply now” button to submit your application. We know that applying to a new role takes a lot of work and we truly value your time. Make sure you answer these question when applying: 

What are the biggest differences and challenges in implementing and maintaining a vulnerability management process in a cloud environment (including containers)?

At Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities. Please take a look at our 2020 Sustainability Report to learn more about Shopify's commitments.

How we hire

At Shopify, we put a lot of care and time into who we hire. We believe that in order to build the best products, we need to build high impact teams. Our recruitment process centres around what we call the Life Story interview, a conversational-style interview where we get to learn more about you.
Learn more about our hiring process 

Not what you’re looking for?Check out these similar roles.

Job postings for similar
Position Team Location
Senior Application Security Engineer (EST) Trust and Security Americas
Recovery Specialist Trust and Security Americas
Security Engineering Program Manager, Trust Trust and Security Americas
Infrastructure Security Engineer Trust and Security Americas
Infrastructure Security Engineering/Development Manager (Remote, Americas) Trust and Security Americas
Staff Infrastructure Engineer (Remote, Americas) Trust and Security Americas
Senior Manager, Security Culture Awareness & Education Trust and Security Americas
Senior Manager, Security Culture Awareness and Education Trust and Security Seattle, United States
(Non-remote)

Let's make commerce better for everyone

Search jobs
Shopify Merchant's Pottery Shop