Security Analyst, Bug Bounty
Remote - Americas
- Support
About the role
We’re looking for two curious and detail-oriented individuals to join Shopify’s Trust & Security Team as a Security Analyst for our bug bounty program.
As part of the Application Security team in Trust, you’ll contribute to Shopify’s mission of making commerce better for everyone by making commerce safe for everyone. The Application Security team works to discover, fix, and prevent security vulnerabilities across all of Shopify’s code and ecosystem. Our bug bounty program helps us do that by enabling us to collaborate with a global network of hackers to identify security issues in our systems.
Here’s what you can expect from the role - an opportunity to:
- Assess, validate, retest, and close bug bounty reports
- Escalate complex reports to application security engineers
- Coordinate with internal teams to ensure bug bounty reports are resolved
- Communicate with hackers on the platform and answer questions about their reports
- Participate in security incident response activities resulting from bug bounty reports
- Create & maintain internal & external documentation supporting our program
- Contribute to process & program level improvements
Qualifications
- Understand common security issues, such as the OWASP Top 10, and be able to discuss them
- Comfortable using DAST tools (Burp Suite)
- Ability to communicate in a clear, concise, friendly, and firm manner
- Proficiency in assessing high vs low risk issues and escalating them effectively
- Experience communicating with different audiences & de-escalating tense situations
- Demonstrated ability to maintain a consistent and sustainable operational rhythm
- Superb investigative, analytical, and decision-making skills
- Foundational understanding of how web requests & applications work
- Foundational understanding of cybersecurity concepts and awareness of common risks
- A desire to build a career in cybersecurity
It would be great if you had experience in one or more of the following (don’t stress, we are not expecting experience in all of the following!):
- Ruby development experience
- Participation in bug bounty or previous experience working on a bounty program
- Experience interacting with system owners to fix or remediate issues
- Experience using frameworks such as CVSS
- Passion for bug bounty programs and working with the hacker community
About Shopify
Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. We propel entrepreneurs and enterprises to scale the heights of their potential. Since 2006, we’ve grown to over 8,300 employees and generated over $1 trillion in sales for millions of merchants in 175 countries.
This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.
About you
Moving at our pace brings a lot of change, complexity, and ambiguity—and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone.
- Care deeply about what you do and about making commerce better for everyone
- Excel by seeking professional and personal hypergrowth
- Keep up with an unrelenting pace (the week, not the quarter)
- Be resilient and resourceful in the face of ambiguity and thrive on (rather than endure) change
- Bring critical thought and opinion
- Use AI tools reflexively as part of your fundamental workflow
- Embrace differences and disagreement to get shit done and move forward
- Work digital-first for your daily work