Staff Security Engineer, Offensive Security
Austin, TX, United States
Company Description
About Shopify
Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. Since 2006, we've grown to over 10,000 employees and generated over $500 billion in sales for millions of merchants in 175 countries. Every 28 seconds, an entrepreneur on Shopify makes their first sale.
This is life-defining work that directly impacts people's lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.
About you
Moving at our pace brings a lot of change, complexity, and ambiguity-and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone.
Before you apply, consider if you can:
Care deeply about what you do and about making commerce better for everyone
Excel by seeking professional and personal hypergrowth
Keep up with an unrelenting pace (the week, not the quarter)
Be resilient and resourceful in face of ambiguity and thrive on (rather than endure) change
Bring critical thought and opinion - and embrace differences and disagreement to get shit done and move forward
Work digital-first for your daily work
Job Description
As a Staff Security Engineer focusing on Offensive Security, you'll work cross-functionally with our engineering teams to build a comprehensive Offensive Security program.
Our Trust team works every day to create strong defenses that safeguard the trust that merchants place in our platform. As part of this team we need a creative, highly technical, passionate, and resourceful person to help us actively stress our defenses, with exceptional communication and interpersonal skills to drive real improvements from our work.
You'll be responsible for designing and operating red team exercises, researching emerging threats, creating and improving offensive tooling, and collaborating to turn findings into better security.
You will:
Design and execute exercises based on emerging threats
Research and leverage novel attack techniques
Automate and develop tooling for offensive security operations
Generate clear and concise intelligence from offensive exercises
Collaborate with other teams to enhance our defenses, detections and response
Be accountable for the technical leadership of this workstream
Provide technical mentorship to others on the team
Qualifications
Be a constant learner, developing a deep understanding of technology across Shopify
Demonstrate skills and experience in designing and executing red team scenarios
Possess the technical expertise necessary to independently leverage exploits
Use strong communication skills to effectively convey findings and discuss solutions
Have the skills necessary (for example, proficiency in a scripting language) to develop effective tooling
Quickly and effectively take initiatives from an idea, through executing and extracting value.
Constantly looking for ways to elevate the team's capabilities through experience, skills, and mentorship.
It would be great if you had experience with some of:
Mac OS endpoint security configuration and tooling
Infrastructure security in cloud environments, such as GCP
Corporate SaaS platforms such as Okta, Google, Github, or others
Innovative and next generation social engineering techniques
Developing or deploying security testing tools
Common web application vulnerabilities such as XSS and CSRF
Additional Information
#J-18808-Ljbffr