Staff Security Engineer, Offensive Security
Austin, TX, United States
Shopify
Try Shopify free and start a business or grow an existing one. Get more than ecommerce software with tools to manage every part of your business.Company Description
About Shopify
Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. Since 2006, we’ve grown to over 10,000 employees and generated over $500 billion in sales for millions of merchants in 175 countries. Every 28 seconds, an entrepreneur on Shopify makes their first sale.
This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.
About you
Moving at our pace brings a lot of change, complexity, and ambiguity—and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone.
Before you apply, consider if you can:
- Care deeply about what you do and about making commerce better for everyone
- Excel by seeking professional and personal hypergrowth
- Keep up with an unrelenting pace (the week, not the quarter)
- Be resilient and resourceful in face of ambiguity and thrive on (rather than endure) change
- Bring critical thought and opinion — and embrace differences and disagreement to get shit done and move forward
- Work digital-first for your daily work
Job Description
As a Staff Security Engineer focusing on Offensive Security, you’ll work cross-functionally with our engineering teams to build a comprehensive Offensive Security program.
Our Trust team works every day to create strong defenses that safeguard the trust that merchants place in our platform. As part of this team we need a creative, highly technical, passionate, and resourceful person to help us actively stress our defenses, with exceptional communication and interpersonal skills to drive real improvements from our work.
You’ll be responsible for designing and operating red team exercises, researching emerging threats, creating and improving offensive tooling, and collaborating to turn findings into better security.
You will:
- Design and execute exercises based on emerging threats
- Research and leverage novel attack techniques
- Automate and develop tooling for offensive security operations
- Generate clear and concise intelligence from offensive exercises
- Collaborate with other teams to enhance our defenses, detections and response
- Be accountable for the technical leadership of this workstream
- Provide technical mentorship to others on the team
Qualifications
- Be a constant learner, developing a deep understanding of technology across Shopify
- Demonstrate skills and experience in designing and executing red team scenarios
- Possess the technical expertise necessary to independently leverage exploits
- Use strong communication skills to effectively convey findings and discuss solutions
- Have the skills necessary (for example, proficiency in a scripting language) to develop effective tooling
- Quickly and effectively take initiatives from an idea, through executing and extracting value.
- Constantly looking for ways to elevate the team's capabilities through experience, skills, and mentorship.
It would be great if you had experience with some of:
- Mac OS endpoint security configuration and tooling
- Infrastructure security in cloud environments, such as GCP
- Corporate SaaS platforms such as Okta, Google, Github, or others
- Innovative and next generation social engineering techniques
- Developing or deploying security testing tools
- Common web application vulnerabilities such as XSS and CSRF
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Cloud CSRF Endpoint security Exploits GCP GitHub Offensive security Okta Red team SaaS Scripting Vulnerabilities XSS
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs