Vulnerability Management, Technical Security Analyst

  • Toronto, ON, Canada
  • Employees can work remotely
  • Full-time
  • Region: Americas
  • Department: Trust and Security

Company Description

Shopify’s mission is to make commerce better for everyone. From building a new product feature for our commerce platform, to helping a merchant troubleshoot an issue over the phone, we want to empower our ecosystem through our work.

Having a unified vision, a north star, is vitally important to ensure that we are all headed in the same direction. No matter the size or experience, we want to power every merchant’s experience. This is why we’re all here.

Shopify is now permanently remote, and we’re working towards a future that is digital by design. That location you see above? Consider it merely an example of hundreds of potential locations across Americas where Shopify is hiring. Learn more here:

Job Description

We’re looking for a curious and detail-oriented individual to join Shopify’s Trust & Security Team as a Technical Security Analyst for our Vulnerability Management program. 

As part of the Trust Assurance team in Trust, you’ll be a key player in building and operating the  vulnerability management program that governs Shopify’s platform and products. In this role you’ll have the autonomy to discover, analyse and solve security issues at scale. You’ll work with security, engineering and product teams to resolve security vulnerabilities in our technology and platform.

Here’s what you can expect from the role - an opportunity to:

  • Conduct security assessments on Shopify’s systems and third party software.

  • Run vulnerability scans on Shopify’s infrastructure. 

  • Work with service providers to conduct external security testing.

  • Analyze security findings with the goal of risk identification.

  • Document the work in a way that scales for compliance programs.

  • Collaborate with other security and engineering teams to remediate vulnerabilities.

  • Maintain and grow the vulnerability management technology and tooling.


Requirements for the role:

  • Hands-on experience performing vulnerability scans usings tools like Nessus, Rapid 7, Qualsys,  OpenVas, etc.

  • Experience building and maintaining vulnerability management programs in cloud based environments.

  • Experience customizing vulnerability scanning programs based on risk profiles and business needs.

  • Experience analyzing and ranking vulnerability scan results.

  • Experience interacting with system owners to fix or remediate vulnerability scan findings.

It would be great if you had experience in one or more of the following (don’t stress, we are not expecting experience in all of the following!):

  • Understanding of information security fundamentals.

  • Understanding of cloud technologies, containerized environments and infrastructure as code.

  • Experience collaborating with compliance teams and familiarity with compliance programs such as SOC 2, SOX, PCI, etc.

  • Understanding of DevOps, CI/CD GitHub and CI/CD practices..

  • Building and deploying  automation to simplify security and IT practices.

  • Identifying, tracking and remediating security risk.

  • Researching and using data analysis to identify security threats. 

  • Experience with Google Cloud Platform.

If you want to help Shopify shape the future of commerce, hit the “Apply now” button to submit your application. We know that applying to a new role takes a lot of work and we truly value your time. Make sure you answer these question when applying: 

What are the biggest differences and challenges in implementing and maintaining a vulnerability management process in a cloud environment (including containers)?

Additional Information

At Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities. Please take a look at our 2020 Sustainability Report to learn more about Shopify's commitments.

Videos To Watch

Privacy Policy