Staff Application Security Engineer Americas
Shopify
Job Overview
Who's the hiring manager?
Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.
Job Description
About The Role
We’re seeking an experienced engineer for our Application Security team. In this role, you will shape and drive our application security programs while collaborating with cross-functional teams to enable secure software development at Shopify.
Team Mission
The Application Security Team is dedicated to safeguarding Shopify's software products, identifying vulnerabilities, and implementing robust security measures throughout the software development lifecycle. You will work closely with developers, engineers and stakeholders to ensure that security best practices are integrated from design through deployment.
Key Areas of Ownership
- Ownership of a secure SDLC process ensuring pre-deployment software security
- Building secure-by-default frameworks, automation, and utilities across key stacks including Ruby on Rails, React, iOS, and Android
- Advising engineering teams on secure designs and implementations including threat modeling and architecture review
- Performing security architecture reviews and rigorous security-focused code reviews
- Supporting application security on-call support during daytime rotations
Responsibilities
- Drive execution of security initiatives with high quality
- Clarify priorities and tackle ambiguous challenges
- Address complex dependencies and resource constraints effectively
- Model Shopify's methods for building excellent software and rapid execution
- Utilize AI tools and develop lightweight automated workflows for security improvements
Qualifications
- Solid background in application security and secure SDLC practices
- Proven software development skills with production quality code delivery
- Experience managing multi-tenant web applications and overcoming security challenges
- Track record of scaling security programs in fast-paced environments
- Excellent communication skills across diverse teams
- Experience in security reviews and penetration testing
- Familiarity with secure development practices in Ruby and Ruby on Rails
Bonus Points
- Knowledge of cloud infrastructure security (AWS, GCP, Azure)
- Experience with secure practices in JavaScript/TypeScript, Go, Rails, React
- Experience in securing mobile applications and building mobile security paved paths
About Shopify
Shopify empowers entrepreneurs and enterprises worldwide. With over 8,300 employees and over $1 trillion in sales generated for millions of merchants across 175 countries since 2006, Shopify creates significant impact. This role offers life-defining work that transforms both your career and the global business landscape.
About You
If you thrive in a fast-paced, ever-changing environment, are resilient, resourceful, and comfortable with ambiguity, Shopify might be the right place for you. Bring your passion, technical expertise, and willingness to adapt using AI tools to help secure our digital future.
Key skills/competency
- Application Security
- Secure SDLC
- Threat Modeling
- Security Reviews
- Automation
- Ruby on Rails
- React
- Cloud Security
- Code Review
- Penetration Testing
How to Get Hired at Shopify
- Research Shopify's culture: Study mission, values, latest news, and employee reviews.
- Customize your resume: Emphasize secure SDLC and development skills.
- Showcase project impact: Detail security initiatives and outcomes.
- Prepare for technical interviews: Review threat modeling and code review scenarios.
Frequently Asked Questions
Find answers to common questions about this job opportunity
Explore similar opportunities that match your background