Senior Software Engineer, Trust & Security (Remote, Americas)

Washington, DC
Jan 20, 2022
Jan 22, 2022
Full Time
Company DescriptionShopify's mission is to make commerce better for everyone. From building a new product feature for our commerce platform, to helping a merchant troubleshoot an issue over the phone, we want to empower our ecosystem through our work.Having a unified vision, a north star, is vitally important to ensure that we are all headed in the same direction. No matter the size or experience, we want to power every merchant's experience. This is why we're all here.Shopify is now permanently remote and we're working towards a future that is digital by default. That location you see above? Consider it merely an example of hundreds of potential locations across North America where Shopify is hiring. Learn more here: DescriptionThe Trust & Security Org's mission is to ensure that Shopify becomes and continues to be a globally trusted platform and company. We're looking for strong, forward-thinking Security-focused Software Engineers to use their expertise and passion to help achieve this mission. You and the team will design and build technically innovative solutions that empower all teams at Shopify to build powerful, resilient, and secure distributed cloud software. Merchants that depend on Shopify for a highly scalable, performant, and reliable platform benefit directly from the work you do. It likely goes without saying, but Software Engineers in the Trust & Security Org carry a huge amount of responsibility for the success of our company, and our opinionated products are the foundational internal technology that make every Shopify employee and project more impactful and more trustworthy. Our Technology stack:Primary languages: Ruby on Rails, GolangFalco: A cloud native Intrusion Detection System that gives us full visibility into what our workloads are doing.Google Cloud: Infrastructure as a Service so we can focus on our apps instead of computer hardware.Kubernetes: Shopify runs on Kubernetes. This provides many advantages like security constraints, auto-scaling, fault tolerance, and much more.Terraform: Declarative configuration for all of our infrastructure.Check out what's been keeping the team busy:Infrastructure Security: Bringing code signing to the cloud through Binary Authorization and contributing these efforts back to the communityApplication Security:Let's Encrypt x Shopify: Securing the Web 4.5 Million Domains at a TimeApplication Security: Updates on Shopify's Bug Bounty ProgramPrivacy Engineering: Deleting the UndeletableSee more at our Engineering blog: you'll do as a Senior Software Engineer on the Trust & Security Team at Shopify:Your focus will be building security at Shopify. Our scale is massive - Shopify powers millions of merchants in over 175 countries worldwideYou will contribute to the overall strategy of our Infrastructure Security team. It isn't easy, but that's one of the reasons we find it particularly rewardingYou will build security products and primitives for merchants globally. We're building out some of the most innovative cloud platform security around (we'd love to tell you more!)Approach your work from a place of empathy and enablement to Shopify's ambitionsCreate beautiful and fast code that improves our code base in meaningful waysUse test-driven development to write well-tested codeFix bugs fast and taking your time to solve hard problems wellBuild, maintain, and secure Shopify's critical infrastructure through software and systems engineeringContribute back to the open source communityExperience, qualities, and skills that are important for success in this role:You'll need to have:We know securing across the stack is a lot to ask, and you don't need to have deep experience in all of the technologies we use to apply. We've mapped out some of the different paths you could have taken to get where you are today. If your background is more aligned with infrastructure, architecture, or operations work, we're looking for experience like:Strong systems administration (you're able to talk about the differences between virtual machines, Docker and Linux containers).Building a robust monitoring, logging, and alert management systems.Architecting and building solutions for problems such as: least-privilege permissions management and secrets management.Securing containerized applications using technologies such as Docker, Kubernetes, and Terraform.If your background is more aligned with software development, building out tooling, and automation, we're looking for experience like:Strong programming foundations (we use a lot of Ruby and Go, but we believe that good programmers can work in any language).Building and rolling out tooling to help developers deploy secure software with the least friction possible.Regardless of the path you took to get here, some key things apply across the board!Great problem solving skills. You like a good puzzle, and aren't too attached to any given solution.Long-term architectural thinking. You can simultaneously keep the desired end-state in mind, while optimising current processes and practices as we move toward that goal.Enthusiasm for remote collaboration.Bonus experience:Systems security-related hobbies. You've played CTFs/war games or solved similar security puzzles. You know what binary exploitations are, how shell injections work, and how to secure a system. You might not have time to participate in these activities now, but you certainly enjoyed them in the past.A love of all things Security Operations. Complex systems and software are where your brain thrives. You excel at finding and fixing security concerns and weaknesses in themIntimate understanding of logs and their usefulness. You know that the information is there, and you always want to make it more discoverable (eg building usable alerting and reporting pipelines).Experience with any of the following: Kubernetes, Terraform, Vulnerability and Patch Management, Identity and Access Management, Incident Handling and Response.Contributing to the open source community (eg kubeaudit, voucher, krane).Additional InformationShopify is now permanently remote and working towards a future that is digital by default. Learn more about what this can mean for you.We know that looking for a new role can be both exciting and time-consuming, and we truly appreciate your effort. And remember, we want to know what you're really interested in building and why you want to build it at Shopify, so please give us as much detail on this as you'd like in the answers on the next page. Shopify is now permanently remote, and working towards a future that is digital by default. Learn more about what this can mean for you: belief is that a strong commitment to diversity & inclusion enables us to truly make commerce better for everyone. We encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and/or people with intersectional identities. Please take a look at our Sustainability Reports to learn more about Shopify's commitments to our communities, and our planet: Shopify, we understand that experience comes in many forms. We're dedicated to adding new perspectives to the team - so if your experience is this close to what we're looking for, please consider applying.#LI-KO3 #LI-REMOTE #LI-AH1Interested, but not ready to apply? Join the Shopify Talent Community to learn more about us, while you polish up your resume: To Watch

Similar jobs