Job Description

Company Description
Shopify is a leading global commerce company, providing trusted tools to start, grow, market, and manage a retail business of any size. Shopify makes commerce better for everyone with a platform and services that are engineered for reliability, while delivering a better shopping experience for consumers everywhere. Shopify powers millions of businesses in more than 175 countries and is trusted by brands such as Allbirds, Gymshark, PepsiCo, Staples, and many more.


The Application Security team discovers and fixes security vulnerabilities in Shopify's products through sources such as internal security assessments and Shopify's public bug bounty program. The team then develops tooling, static analysis checks, and low-level fixes to prevent future vulnerabilities. Our Application Security team is broken down into three key focus areas: Proactive Security Our Proactive Security team manually reviews key applications, develops tools to automatically keep dependencies up to date, deploys static analysis tooling to identify vulnerabilities, provides dashboards to help development teams prioritize security issues, and teaches developers how to identify security issues in their own applications. Bug Bounty Shopify runs one of the world's largest bug bounty programs. Our Bug Bounty team continuously improves the program by adding new applications into scope, organizing "live hacking" events, and building tools that streamline our triage process and reduce the time needed to remediate vulnerabilities. Ecosystem Security Many external developers use Shopify's API to build things, and merchants expect these integrations to be secure. We build scanning tools to verify that integrations meet our security requirements and automatically notify developers when issues need to be corrected. We also scan for API tokens that have been inadvertently published to sites such as GitHub. We are looking for leaders to manage our Proactive Security team. If you’re an experienced, people-focused engineering lead, and you’re excited about growing people and teams to help protect our merchants, this role is for you!
You will:

• Grow the team both through mentoring, acting as a subject matter expert to a team of ICs, and external hiring
• Help define the long-term vision of application security at Shopify and rally the team around and towards this vision
• Help to roadmap and decompose our vision into granular milestones and projects; aid the team in getting from vision to reality
• Own team and technical decisions; demonstrate high quality judgment and help drive team consensus
• Build, leverage, and own cross-line and organization relationships

• Be curious
• Be empathetic
• Possess the technical experience necessary to mentor your team and improve processes
• Have demonstrated experience of successfully leading and growing teams
• Have a passion for growing people on your teams from junior into senior roles
• Be accountable for and driving the execution of your team
• Be committed to creating high quality, low-friction, automated (where possible) solutions to help safeguard and champion for the security of our merchants

• Setting up and/or running a bug bounty program
• Securing a multi-tenant web application
• Performing web application penetration testing using all resources at your disposal, especially source code
• Building tooling to help developers deploy secure software
• Triaging and resolving security vulnerabilities in the application layer
• Conducting application design reviews and building security solutions
• Developing web or mobile applications