Senior Application Security Engineer (EST)
- Employer
- Shopify
- Location
- Canada
- Closing date
- 4 Nov 2021
View more
- Function
- Technology
- Level
- Senior Manager
You need to sign in or create an account to save a job.
Job Details
The Application Security team works to discover and fix security vulnerabilities in Shopify's products through sources such as internal security assessments and Shopify's public Bug Bounty program . The team then develops tooling, static analysis checks, and low-level fixes.
While all under one Application Security team, you will have the opportunity to work in one of three key areas to secure our products.
Proactive Security -
Bug Bounty -
Ecosystem Security -
In your day to day, you'll be working on things like:
Qualifications
It'd be great if you have:
Don't meet 100% of the bullets above but currently work in the app sec space and are still interested? Please apply and share your information - we want to talk to you!
Interested in applying? Check out Publicly disclosed issues from Shopify's Bug Bounty program and Updates on Shopify's Bug Bounty Program
Shopify is now permanently remote and working towards a future that is digital by design. Learn more about what this can mean for you.
At Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities.
How we hire
At Shopify, we put a lot of care and time into who we hire. We believe that in order to build the best products, we need to build high impact teams. Our recruitment process centres around what we call the Life Story interview, a conversational-style interview where we get to learn more about you.
Learn more about our hiring process
While all under one Application Security team, you will have the opportunity to work in one of three key areas to secure our products.
Proactive Security -
- Static analysis (both figuring out rulesets and deploying the technology to run them at Shopify scale), carefully chosen manual security reviews (for very high value or high risk projects), and deploying organization-wide tooling to help teams prioritize security issues
Bug Bounty -
- Shopify runs one of the world's largest bug bounty programs. The Bug Bounty team works on making our program even more awesome through tooling and special events (e.x. tracking which reports we haven't responded to outstanding comments on, better search, implementing process such as always giving a report a severity into the technology itself)
Ecosystem Security -
- Many external developers use Shopify's API to build things, and merchants want these integrations to be secure. We're building automated tooling both from integrating existing enterprise solutions and creating net-new scanners with headless browsers to test apps that are coming into our app store from a black-box perspective.
In your day to day, you'll be working on things like:
- Testing applications for security vulnerabilities
- Evolving the security of Shopify's third-party app ecosystem through automated and manual testing
- Investigating, summarizing, and actioning reports submitted to our bug bounty program
- Working side-by-side with hackers in Live Hacking Events
- Developing static analysis tooling to help developers find and fix security issues
- Educating developers on the best ways to secure their applications
- Creating hacking challenges to teach development teams about application security
Qualifications
- Experience working within or building an application security program for an organization
- Knowledge of common web application vulnerabilities such as XSS, CSRF, and insecure direct object references
- Experience testing web applications for security issues ORExperience developing web applications using modern frameworks
- The ability to educate development teams on web application vulnerabilities and work with the developers to address them
It'd be great if you have:
- Experience developing or deploying security testing tools
- Experience with bounty programs such as Shopify's HackerOne program ( https://hackerone.com/shopify )
- Experience participating in or organizing Capture the Flag (CTF) competitions
Don't meet 100% of the bullets above but currently work in the app sec space and are still interested? Please apply and share your information - we want to talk to you!
Interested in applying? Check out Publicly disclosed issues from Shopify's Bug Bounty program and Updates on Shopify's Bug Bounty Program
Shopify is now permanently remote and working towards a future that is digital by design. Learn more about what this can mean for you.
At Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities.
How we hire
At Shopify, we put a lot of care and time into who we hire. We believe that in order to build the best products, we need to build high impact teams. Our recruitment process centres around what we call the Life Story interview, a conversational-style interview where we get to learn more about you.
Learn more about our hiring process
Company
With a comprehensive set of industry-leading tools, Shopify has helped over 1,000,000 people in 175 countries take control of where they take their businesses. Headquartered in Ottawa, Canada, Shopify has worked with brands like Unilever, Kylie Cosmetics, Allbirds and countless others that started with nothing but an idea, a passion, or a purpose. We build products that help entrepreneurs around the world start and grow their businesses. As a workplace, we challenge and support you to hone your craft and make an impact. Visit our careers page for opportunities: https://www.shopify.com/careers
You need to sign in or create an account to save a job.
Get job alerts
Create a job alert and receive personalised job recommendations straight to your inbox.
Create alert