Vulnerability Management, Technical Security Analyst

09 Oct 2021
22 Oct 2021
We're looking for a curious and detail-oriented individual to join Shopify's Trust & Security Team as a Technical Security Analyst for our Vulnerability Management program.

As part of the Trust Assurance team in Trust, you'll be a key player in building and operating the vulnerability management program that governs Shopify's platform and products. In this role you'll have the autonomy to discover, analyse and solve security issues at scale. You'll work with security, engineering and product teams to resolve security vulnerabilities in our technology and platform.

Here's what you can expect from the role - an opportunity to:
  • Conduct security assessments on Shopify's systems and third party software.
  • Run vulnerability scans on Shopify's infrastructure.
  • Work with service providers to conduct external security testing.
  • Analyze security findings with the goal of risk identification.
  • Document the work in a way that scales for compliance programs.
  • Collaborate with other security and engineering teams to remediate vulnerabilities.
  • Maintain and grow the vulnerability management technology and tooling.


Requirements for the role:
  • Hands-on experience performing vulnerability scans usings tools like Nessus, Rapid 7, Qualsys, OpenVas, etc.
  • Experience building and maintaining vulnerability management programs in cloud based environments.
  • Experience customizing vulnerability scanning programs based on risk profiles and business needs.
  • Experience analyzing and ranking vulnerability scan results.
  • Experience interacting with system owners to fix or remediate vulnerability scan findings.

It would be great if you had experience in one or more of the following (don't stress, we are not expecting experience in all of the following!):
  • Understanding of information security fundamentals.
  • Understanding of cloud technologies, containerized environments and infrastructure as code.
  • Experience collaborating with compliance teams and familiarity with compliance programs such as SOC 2, SOX, PCI, etc.
  • Understanding of DevOps, CI/CD GitHub and CI/CD practices..
  • Building and deploying automation to simplify security and IT practices.
  • Identifying, tracking and remediating security risk.
  • Researching and using data analysis to identify security threats.
  • Experience with Google Cloud Platform.

If you want to help Shopify shape the future of commerce, hit the "Apply now" button to submit your application. We know that applying to a new role takes a lot of work and we truly value your time. Make sure you answer these questionwhen applying:

What are the biggest differences and challenges in implementing and maintaining a vulnerability managementprocessin a cloud environment (including containers)?

At Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities. Please take a look at our 2020 Sustainability Report to learn more about Shopify's commitments.

How we hire

At Shopify, we put a lot of care and time into who we hire. We believe that in order to build the best products, we need to build high impact teams. Our recruitment process centres around what we call the Life Story interview, a conversational-style interview where we get to learn more about you.
Learn more about our hiring process

Similar jobs

More searches like this

Similar jobs