As part of the Infrastructure Security team your focus will be building security at Shopify. You will have influence and will contribute to the overall strategy of our Infrastructure Security team, leading the designing and building out of security for merchants globally. It isn’t easy, but that’s one of the reasons we find it particularly rewarding. We’re building out some of the most innovative cloud platform security around (we’d love to tell you more!) We are hiring at multiple levels including Staff and Senior level. Our scale is massive – Shopify powers million merchants in over 175 countries worldwide. We always approach our work from a place of empathy and enablement to Shopify’s ambitions.
- Systems security-related hobbies. You’ve played CTFs/war games or solved similar security puzzles. You know what binary exploitations are, how shell injections work, and how to secure a system. You might not have time to participate in these activities now, but you certainly enjoyed them in the past
- A love of all things Security Operations. Complex systems and software are where your brain thrives. You excel at finding and fixing security concerns and weaknesses in them
- Experience with any of the following: Kubernetes, Terraform, Vulnerability and Patch Management, Identity and Access Management, Incident Handling and Response
- Contributing to the open source community (e.g. kubeaudit, voucher, krane)
- Intimate understanding of logs and their usefulness. You know that the information is there, and you always want to make it more discoverable (e.g. building useable alerting and reporting pipelines)
- Building and rolling out tooling to help developers deploy secure software with the least friction possible..
- Architecting and building solutions for problems such as: least-privilege permissions management and secrets management
- Building a robust monitoring, logging, and alert management systems
- Strong systems administration (you’re able to talk about the differences between virtual machines, Docker and Linux containers)
- Strong programming foundations (we use a lot of Ruby and Go, but we believe that good programmers can work in any language, even Bash)
- Securing containerized applications using technologies such as Docker, Kubernetes, and Terraform.
Vacancy Type: Full Time
Job Location: Cambridge, Ontario, CA
Application Deadline: N/A