Lead Software Engineer - Product Security

Ottawa, Canada
Trust & Security
Shopify is creating the future of commerce, and to do this we can’t second-guess every new idea. Our product security team wants Shopify to ship boldly for our 600K+ merchants. They teach our engineering teams to build security into their products and they build safeguards to catch issues before they go live. They also work closely with security researchers to make Shopify a more secure platform than it ever was before. At the end of the day, we want folks here to run with product ideas that could be really valuable (regardless of how wild!), knowing that our team has their backs and is there to support their ideas with the right safeguards. 

We are looking for a lead to build out security tooling for product developers across Shopify. Coming in at this level, you will get involved at the early stages of projects, providing input through design reviews. You will be working on projects and tools that have an impact across Shopify, and partner with teams to ensure that security is embedded throughout a product’s lifecycle.

In addition to our Engineering Blog, here are a few links to give you an idea of the type of work our teams have done:

1. Pete Yaworski’s year in review of our bug bounty program
2. better-html, a Ruby gem released by our team

Requirements for the role:

    • Security-specific development experience. You’ve spent several years building security tools and features that scale with a growing company.
    • Partnering with non-security development teams. You’re able to communicate security-speak to anyone.
    • Ability to operate independently, but not as a silo. You require minimal supervision, but understand the value of collaborating and knowledge-sharing.
    • Keeping a bird’s eye view. You’ve seen projects through from road-mapping to completion, knowing who else to loop in in the process.
    • Good working knowledge of the OWASP Top 10. You’re a super great teammate at hacker trivia night.

Bonus experience:

    • Note: if some of this tech is new to you, that's okay! We realise that not everyone has worked with this stack before and provide opportunities for learning as you go.
    • Developing software in any of these languages: Ruby on Rails, Go, Lua, Python, Javascript, MySQL
    • Building security features for applications running on public cloud: GCP, AWS, Azure


    • Build out security tools and frameworks to ensure that Shopify doesn’t slow down.
    • Lead multiple projects and prioritize which needs the most attention.
    • Share knowledge and provide technical leadership to others on the team. 
    • Partner with merchant-facing product teams to build usable security features into their products.
    • Provide security advice to developers across Shopify.
    • Maintain trust with Shopify engineering teams. 
We know that looking for a new role can be both exciting and time-consuming, and we truly appreciate your effort. Ash is an actual real live person (👋🏻) and is looking forward to learning more about you through your application. 

And remember, we want to know what you're really interested in building and why you want to build it at Shopify, so please give us as much detail on this as you'd like in your cover letter - we do love a good story. 👍  📖 

❄️NOTE: Our recruiting team will be out of the office during the holidays, and will respond to all applicants during the week of 7 January 2019. ❄️