About Shopify

Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. We propel entrepreneurs and enterprises to scale the heights of their potential. Since 2006, we’ve grown to over 8,300 employees and generated over $947 billion in sales for millions of merchants in 175 countries.

This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.

About You

Moving at our pace brings a lot of change, complexity, and ambiguity—and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone.

Before you apply, consider if you can:

• Care deeply about what you do and about making commerce better for everyone
• Excel by seeking professional and personal hypergrowth
• Keep up with an unrelenting pace (the week, not the quarter)
• Be resilient and resourceful in face of ambiguity and thrive on (rather than endure) change
• Bring critical thought and opinion
• Embrace differences and disagreement to get shit done and move forward
• Work digital-first for your daily work
  
  
  

About The Role

We’re hiring for multiple roles across a range of teams in Security Analysis within Shopify’s Trust organization. If any of the qualifications listed align with your skills and experience, we highly encourage you to apply!

Within these teams you will collaborate with Engineers, Technical Program Managers, and cross-functional teams to help protect our merchants and our company while supporting Shopify's rapid pace of development. You will be an essential member of our group of security professionals and a key player in operating and refining security controls that support Shopify’s programs, platforms, and products.

You’ll be leveraging your expertise in technology and security, along with your knowledge of Shopify’s products, applications and infrastructure, to understand and manage risk. You will be developing, performing, and improving technical controls that are foundational components of Shopify’s security programs.

The roles that we’re currently hiring are Technical Security Analysts among three teams: Identity and Access Management, Third Party Security, and Restricted Environment Assurance. To learn more about these teams and the kind of work that we do here, please continue reading.

Team descriptions and what you’ll do:

Identity Access Management

This team ensures that employees are equipped with the right technology they need to securely do this work.

• Analyze the impact of our current and future security controls within the identity and access management space
• Automate and improve security workflows and tasks across the scope of our security programs
• Provide operational security guidance to ensure programs are running effectively, efficiently and without gaps
• Collaborate with cross functional teams and gather evidence for assessments, implementations, and use of new tools and workflows
• Monitor Shopify’s current technology stack and make recommendations to reduce security risk
• Lead and contribute to projects that build out and harden security at Shopify
• Utilize data and key metrics to understand Shopify’s security program
• Develop and share security best practices
  
  
  

Third Party Security

This team maintains the integrity and confidentiality of Shopify's systems and data by closely monitoring and assessing the security of our third party software, tools, and external user access to internal systems.

• Building and operating the third party risk management program within the Trust organization.
• Increasing automation and reducing toil in existing controls, and finding new ways to protect Shopify against emerging risks.
• Assessing third parties such as tooling and external workers.
• Working with cross-functional teams, including senior leadership, to evaluate and instantiate the third parties, and build controls that balance security with speed.
• Regularly interact with individuals outside Shopify, such as tooling vendors and agency hires.
  
  
  

Restricted Environment Assurance

This team is responsible for maintaining SOX and PCI compliance for Shopify. It ensures the integrity and security of Shopify’s systems and data by closely monitoring and assessing the in-scope systems, thereby maintaining compliance with Shopify's regulatory requirements.

• Actively contributing to the management and execution of cyclical controls within the operational framework.
• Collecting evidence and samples to support audit activities and ensure compliance with relevant standards.
• Providing assistance for inquiries in the help channel, and escalating complex questions to appropriate team members when necessary.
• Evaluating the PCI compliance status of partners to ensure they meet required security standards.
• Supporting the development and implementation of new projects and initiatives, ensuring alignment with strategic goals.
  
  
  

Qualifications for the roles:

Identity Access Management

• An understanding of information security fundamentals, privacy and compliance standards
• Working with large corporate identity providers at scale
• Effective communication skills, an ability to translate technology and leveraging data in storytelling
• Writing SQL queries and building data dashboards
• Ability to create and maintain trusted relationships across the organization
• Recommending and writing access policies
• Monitoring controls and security safeguards for frameworks
• Passion for documenting strategy and approach
• Demonstrated impact in performing assessments
• Bonus experience
• Experience with Google, Okta, Jamf, Slack, Freshworks, macOS, GitHub
• Experience in technical program management
• Ability to read and understand code
• Basic knowledge of python or ruby
  
  
  

Third Party Security

• An understanding of information security fundamentals, privacy and compliance standards.
• An understanding of cloud technologies, containerized environments and infrastructure as code.
• Experience building or maintaining controls and security safeguards for frameworks.
• Ability to create and maintain trusted relationships.
• Excellent communication skills, including technical breakdowns.
• Demonstrated impact in performing assessments.
• Bonus experience
• Experience with Google, Okta, Jamf, Slack, Freshworks, macOS, GitHub
• Familiarity with security and risk management frameworks (e.g. NIST, CVSS)
• Experience in technical program management
• Experience using automation to simplify security and IT practices.
• Experience working with compliance teams or auditors and familiarity with compliance programs such as SOC, PCI, or SOX.
  
  
  

Restricted Environment Assurance

• An understanding of information security fundamentals, privacy and compliance standards.
• An understanding of cloud technologies, containerized environments and infrastructure as code.
• Experience building or maintaining controls and security safeguards for frameworks.
• Ability to create and maintain trusted relationships.
• Excellent communication skills, including technical breakdowns.
• Demonstrated impact in performing assessments.
• Bonus experience
• Experience working with compliance teams or auditors and familiarity with compliance programs such as SOC, PCI, or SOX.
• Experience with Google, Okta, Jamf, Slack, Freshworks, macOS, GitHub and cloud infrastructure.
• Experience using automation to simplify security and IT practices.
  
  
  

We know that applying for a new role takes a lot of work and we truly value your time. This posting will close on May 31st, 2024 at 11:00 PM EDT. We look forward to reviewing your application!