Manager, Application Security Engineering (Remote, Canada)
About the role
The Application Security team discovers and fixes security vulnerabilities in Shopify's products through sources such as internal security assessments and Shopify's public bug bounty program. The team then develops tooling, static analysis checks, and low-level fixes to prevent future vulnerabilities.
Our Application Security team is broken down into three key focus areas:
Our Proactive Security team manually reviews key applications, develops tools to automatically keep dependencies up to date, deploys static analysis tooling to identify vulnerabilities, provides dashboards to help development teams prioritize security issues, and teaches developers how to identify security issues in their own applications.
Shopify runs one of the world's largest bug bounty programs. Our Bug Bounty team continuously improves the program by adding new applications into scope, organizing "live hacking" events, and building tools that streamline our triage process and reduce the time needed to remediate vulnerabilities.
Many external developers use Shopify's API to build things, and merchants expect these integrations to be secure. We build scanning tools to verify that integrations meet our security requirements and automatically notify developers when issues need to be corrected. We also scan for API tokens that have been inadvertently published to sites such as GitHub.
We are looking for leaders to manage our Proactive Security team. If you’re an experienced, people-focused engineering lead, and you’re excited about growing people and teams to help protect our merchants, this role is for you!
- Grow the team both through mentoring, acting as a subject matter expert to a team of ICs, and external hiring
- Help define the long-term vision of application security at Shopify and rally the team around and towards this vision
- Help to roadmap and decompose our vision into granular milestones and projects; aid the team in getting from vision to reality
- Own team and technical decisions; demonstrate high quality judgment and help drive team consensus
- Build, leverage, and own cross-line and organization relationships
To be successful in this role you will need to:
- Be curious
- Be empathetic
- Possess the technical experience necessary to mentor your team and improve processes
- Have demonstrated experience of successfully leading and growing teams
- Have a passion for growing people on your teams from junior into senior roles
- Be accountable for and driving the execution of your team
- Be committed to creating high quality, low-friction, automated (where possible) solutions to help safeguard and champion for the security of our merchants
It would be great if you had experience:
- Setting up and/or running a bug bounty program
- Securing a multi-tenant web application
- Performing web application penetration testing using all resources at your disposal, especially source code
- Building tooling to help developers deploy secure software
- Triaging and resolving security vulnerabilities in the application layer
- Conducting application design reviews and building security solutions
- Developing web or mobile applications
Interested in applying? Check out Publicly disclosed issues from Shopify's Bug Bounty program and Updates on Shopify’s Bug Bounty Program
Shopify is now permanently remote, and we’re working towards a future that is digital by design. That location you see above? Consider it merely an example of hundreds of potential locations Shopify is hiring. Learn more here: https://www.shopify.com/careers/work-anywhere
Our belief is that a strong commitment to diversity & inclusion enables us to truly make commerce better for everyone. We encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and/or people with intersectional identities. Please take a look at our Sustainability Reports to learn more about Shopify’s commitments to our communities, and our planet.
At Shopify, we understand that experience comes in many forms. We’re dedicated to adding new perspectives to the team - so if your experience is this close to what we’re looking for, please consider applying.
How we hire
At Shopify, we put a lot of care and time into who we hire. We believe that in order to build the best products, we need to build high impact teams. Our recruitment process centres around what we call the Life Story interview, a conversational-style interview where we get to learn more about you.
Your application has been successfully submitted.
The SaaSy entrepreneurship company.