Technical Security Analyst
Remote - Americas
- Support
About Shopify
Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. We propel entrepreneurs and enterprises to scale the heights of their potential. Since 2006, we’ve grown to over 8,300 employees and generated over $1 trillion in sales for millions of merchants in 175 countries.
This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.
About you
Moving at our pace brings a lot of change, complexity, and ambiguity—and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone.
- Care deeply about what you do and about making commerce better for everyone
- Excel by seeking professional and personal hypergrowth
- Keep up with an unrelenting pace (the week, not the quarter)
- Be resilient and resourceful in the face of ambiguity and thrive on (rather than endure) change
- Bring critical thought and opinion
- Embrace differences and disagreement to get shit done and move forward
- Work digital-first for your daily work
About the role
We’re seeking a curious and detail-oriented individual to join Shopify’s Trust Assurance team as a Technical Security Analyst. In this role, you’ll support our interactions with the sales team by responding to Plus merchant inquiries related to technical security and data protection, and contribute to operational control activities that are required to maintain security compliance.
A Day in the Life: a typical day in this role may include:
- Providing expert advice to external entities and internal Sales teams regarding security and compliance, including completing security questionnaires and attending meetings with merchants as needed.
- Meeting with Subject Matter Experts (SMEs) from various Shopify teams, such as Production Engineering, Security Engineering, Sales, Product, and Legal, to understand how Shopify security controls operate and ensuring all compliance checks and documentation accurately reflect our processes.
- Performing scheduled tasks to verify and confirm compliance with our security control objectives.
- Writing and updating code and scripts to automate and support compliance and merchant-facing program tasks.
- Collaborating with Trust Assurance Security Engineers to design and implement improvements for programs such as SOC, SOX, PCI, and others.
- Spending time keeping Shopify's security training courses and documents up to date and ensuring they meet the evolving needs of the organization.
What You’ll Do: We need a dynamic, technically adept individual who is comfortable multi-tasking while solving problems, simplifying solutions, and inspiring and up-skilling the team and our peers. Some examples of responsibilities include:
- Completing security questionnaires and providing value-added advice to the Sales team in their support of our Plus merchants.
- Interacting with Shopify resources to plan, implement, and conduct operational security controls related to various compliance programs.
- Automating and improving security compliance processes and tasks across all compliance programs.
- Providing innovative, adaptive, and scalable security training plans, tailored to the needs of particular groups.
- Leveraging data and visualization tools to identify areas for improvement, track progress, and inform trusted decisions.
- Providing operational security guidance and advice to ensure programs are running effectively, efficiently, and without gaps.
- Acting as a mentor and leader to a diverse and talented group of technical security analysts and security engineers.
What You Bring to the Team: This role has three primary focuses: supporting the Plus merchant Sales teams, working with the Security team to maintain and run our compliance programs, and maintaining Security training material. It offers a unique opportunity to work in a flexible compliance environment where expertise, innovation, and unconventional approaches are highly valued. We are looking for someone who has:
- Experience working within compliance programs such as SOC, PCI, and SOX.
- Experience developing and maintaining security training or other enablement materials.
- Experience building automations to simplify operational tasks.
- An understanding of information security fundamentals, cloud technologies, containerized environments, and infrastructure as code.
- Familiarity with GitHub and other dev tooling.
- The ability to identify, track, and remediate security risks related to your domain.
- An investigative mindset and curiosity to gather information through research.