Shopify is looking for a security leader to help shape the future of trustworthy commerce for us and our 600,000+ merchants.
Our Production Security team is responsible for three areas - Application Security, Mobile Security, and Infrastructure Security.
We brought these three areas together in anticipation of Shopify’s migration to , so that these teams could together build trust across our platform and products.
to lead each of these teams and provide technical security advice as a stakeholder on projects deployed across the company.
Shopify needs someone with experience securing web applications and / or infrastructure at scale, growing highly technical teams, and supporting secure engineering practices in a fast-
paced development environment. Beyond the technical requirements, we need a director who cares about the people they lead, and who approaches security with empathy for Shopify's ambitions.
We know that this is a lot to ask, and we aren’t expecting that you have deep experience in all of the areas covered by our Production Security team in order to apply.
We’ve mapped out some of our thoughts on this role in , but if your background is more aligned with , we’d like you to have some of the following experience : Setting up and / or running a bug bounty program.
Securing a multi-tenant web application. Performing web application penetration testing using all resources at your disposal, especially source code.
Building tooling to help developers deploy secure software. Triaging and resolving security vulnerabilities in the application layer.
Developing web or mobile applications. Conducting application design reviews and building security solutions. , we’re looking for some (or all!) of this experience in your background : Building technical security systems in a cloud environment.
Securing containerized applications using technologies such as Docker or Kubernetes. Creating RBAC policies in a CI / CD environment.
Understanding Linux systems primitives, and employing them in a security context. Patching and vulnerability management at the systems level.
Requirements for the role :
Bonus experience :
You also have a keen interest in and willingness to learn other areas of technical security engineering, and are able to ramp up quickly.
These are different skills, and you constantly seek ways to improve your leadership abilities to help your team succeed.
You are particularly motivated by the concerns of both the teams you partner with in your company, and the customers who use the service.
You are known as a partner, rather than a blocker.