Staff Security Engineer, Offensive Security

Company Description

About Shopify

Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. Since 2006, we’ve grown to over 10,000 employees and generated over $500 billion in sales for millions of merchants in 175 countries. Every 28 seconds, an entrepreneur on Shopify makes their first sale.

This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.

About you

Moving at our pace brings a lot of change, complexity, and ambiguity—and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone.

Before you apply, consider if you can:

• Care deeply about what you do and about making commerce better for everyone
• Excel by seeking professional and personal hypergrowth
• Keep up with an unrelenting pace (the week, not the quarter)
• Be resilient and resourceful in face of ambiguity and thrive on (rather than endure) change
• Bring critical thought and opinion — and embrace differences and disagreement to get shit done and move forward
• Work digital-first for your daily work

Job Description

As a Staff Security Engineer focusing on Offensive Security, you’ll work cross-functionally with our engineering teams to build a comprehensive Offensive Security program.

Our Trust team works every day to create strong defenses that safeguard the trust that merchants place in our platform. As part of this team we need a creative, highly technical, passionate, and resourceful person to help us actively stress our defenses, with exceptional communication and interpersonal skills to drive real improvements from our work.

You’ll be responsible for designing and operating red team exercises, researching emerging threats, creating and improving offensive tooling, and collaborating to turn findings into better security.

You will:

• Design and execute exercises based on emerging threats
• Research and leverage novel attack techniques
• Automate and develop tooling for offensive security operations
• Generate clear and concise intelligence from offensive exercises
• Collaborate with other teams to enhance our defenses, detections and response
• Be accountable for the technical leadership of this workstream
• Provide technical mentorship to others on the team

Qualifications

• Be a constant learner, developing a deep understanding of technology across Shopify
• Demonstrate skills and experience in designing and executing red team scenarios
• Possess the technical expertise necessary to independently leverage exploits
• Use strong communication skills to effectively convey findings and discuss solutions
• Have the skills necessary (for example, proficiency in a scripting language)  to develop effective tooling
• Quickly and effectively take initiatives from an idea, through executing and extracting value.
• Constantly looking for ways to elevate the team's capabilities through experience, skills, and mentorship.

It would be great if you had experience with some of:

• Mac OS endpoint security configuration and tooling
• Infrastructure security in cloud environments, such as GCP
• Corporate SaaS platforms such as Okta, Google, Github, or others
• Innovative and next generation social engineering techniques
• Developing or deploying security testing tools
• Common web application vulnerabilities such as XSS and CSRF