Director of Security Engineering
Shopify
Montreal, Canada
10d ago

Shopify is looking for a security leader to help shape the future of trustworthy commerce for us and our 600,000+ merchants.

Our Production Security team is responsible for three areas - Application Security, Mobile Security, and Infrastructure Security.

We brought these three areas together in anticipation of Shopify’s migration to , so that these teams could together build trust across our platform and products.

to lead each of these teams and provide technical security advice as a stakeholder on projects deployed across the company.

Shopify needs someone with experience securing web applications and / or infrastructure at scale, growing highly technical teams, and supporting secure engineering practices in a fast-

paced development environment. Beyond the technical requirements, we need a director who cares about the people they lead, and who approaches security with empathy for Shopify's ambitions.

We know that this is a lot to ask, and we aren’t expecting that you have deep experience in all of the areas covered by our Production Security team in order to apply.

We’ve mapped out some of our thoughts on this role in , but if your background is more aligned with , we’d like you to have some of the following experience : Setting up and / or running a bug bounty program.

Securing a multi-tenant web application. Performing web application penetration testing using all resources at your disposal, especially source code.

Building tooling to help developers deploy secure software. Triaging and resolving security vulnerabilities in the application layer.

Developing web or mobile applications. Conducting application design reviews and building security solutions. , we’re looking for some (or all!) of this experience in your background : Building technical security systems in a cloud environment.

Securing containerized applications using technologies such as Docker or Kubernetes. Creating RBAC policies in a CI / CD environment.

Understanding Linux systems primitives, and employing them in a security context. Patching and vulnerability management at the systems level.

Requirements for the role :

Bonus experience :

  • Security expertise at scale. You’ve dived deep in either Application or Infrastructure Security, and possess some or all of the experience listed above for your discipline / area of expertise.
  • Developing software in any of these languages : Ruby on Rails, Go, Lua, Python, Javascript, MySQL.
  • Continuous learning. You are constantly learning more about your area of security, staying on top of news of the latest vulnerabilities and trends in the industry.
  • You also have a keen interest in and willingness to learn other areas of technical security engineering, and are able to ramp up quickly.

  • Building security features for applications running on public cloud : GCP, AWS, Azure.
  • People and technical leadership. You’ve developed and executed roadmaps and mentored highly technical engineers as they grow in their craft.
  • These are different skills, and you constantly seek ways to improve your leadership abilities to help your team succeed.

  • Software-as-a-Service experience. You understand the particular concerns of a SaaS company because you’ve operated in this environment.
  • You are particularly motivated by the concerns of both the teams you partner with in your company, and the customers who use the service.

  • Relationship building. You are able to develop trust relationships quickly with stakeholders across a business through your empathy and resourcefulness.
  • You are known as a partner, rather than a blocker.

  • Creativity and flexibility. Problem-solving is more than a catch phrase for you. You approach new and novel challenges wondering how to make it work rather than how to shut it down, and seek multiple opinions and approaches when tackling difficult problems.
  • Responsibilities :

  • Building technical security teams to meet current and future engineering objectives.
  • Providing security input to product teams across Shopify.
  • Securing Shopify’s kubernetes-based cloud infrastructure.
  • Developing and implementing new technology to support security monitoring and incident response in the cloud.
  • Building tooling to scale secure deployment of systems across everything that Shopify runs.
  • Leading Shopify’s strategy for secure mobile and web application development.
  • Owning the roadmap and leading engineering for authentication systems used across Shopify’s products.
  • Understanding new web authentication standards and building products that can support them.
  • Apply
    Add to favourites
    Remove from favorites
    Apply
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Continue
    Application form