Application Security Engineer
R&D - Development – Security
Developers around the world extend Shopify's capabilities by building applications using our APIs. We want those applications to meet the same high security standard as the rest of the Shopify ecosystem. And we want to give application developers the tools and advice they need to make securing their applications as straightforward as possible. We are looking for an application security specialist who will identify and respond to vulnerabilities in applications, and partner with developers to help them build security into their apps.
You'll need to have:
- Experience testing web applications for security issues such as XSS, CSRF, and insecure direct object references
- The ability to explain security issues to developers
- An interest in finding creative ways to make it easy for developers to secure their apps
It'd be great if you have experience with:
- Developing security testing tools
- Web development using frameworks like Ruby on Rails
- The OAuth 2.0 authorization framework
- Bug bounty programs such as the Shopify Whitehat program (https://hackerone.com/shopify)
You'll be working on things like:
- Testing applications for security vulnerabilities
- Advising developers on the best ways to secure their applications
- Working with developers to resolve vulnerabilities
- Creating tools to improve the application evaluation process and help developers perform their own testing
How to Apply 📄 ➡️ 📬
If you’re interested in helping us shape the future of commerce at Shopify, click the “Apply Now” button to submit your application. Please address your application to Krystle.
Experience comes in many forms, many skills are transferable, and passion goes a long way. If your experience is this close to what we’re looking for, consider applying. We know that diversity of thought makes for the best problem-solving and creative thinking, which is why we're dedicated to adding new perspectives to the team and encourage everyone to apply.