We’re looking for a...

Lead Software Engineer - Product Security

Job post summary
Specialty Trust and Security

About the role

Shopify is creating the future of commerce, and to do this we can’t second-guess every new idea. Our product security team wants Shopify to ship boldly for our 600K+ merchants. They teach our engineering teams to build security into their products and they build safeguards to catch issues before they go live. They also work closely with security researchers to make Shopify a more secure platform than it ever was before. At the end of the day, we want folks here to run with product ideas that could be really valuable (regardless of how wild!), knowing that our team has their backs and is there to support their ideas with the right safeguards. 

We are looking for a Technical Lead to build out security tooling for product developers across Shopify. Coming in at this level, you will get involved at the early stages of projects, providing input through design reviews. You will be working on projects and tools that have an impact across Shopify, and partner with teams to ensure that security is embedded throughout a product’s lifecycle.

In addition to our Engineering Blog, here are a few links to give you an idea of the type of work our teams have done:

1. Kristina Balaam’s session for Shopify Partners regarding secure development practices

2. Pete Yaworski’s year in review of our bug bounty program

3. better-html, a Ruby gem released by our team


  • Build out security tools and frameworks to ensure that Shopify doesn’t slow down.
  • Lead multiple projects and prioritize which needs the most attention.
  • Share knowledge and provide technical leadership to others on the team. 
  • Partner with merchant-facing product teams to build usable security features into their products.
  • Provide security advice to developers across Shopify.
  • Maintain trust with Shopify engineering teams. 

Requirements for the role:

  • Security-specific development experience. You’ve spent several years building security tools and features that scale with a growing company.
  • Partnering with non-security development teams. You’re able to communicate security-speak to anyone.
  • Ability to operate independently, but not as a silo. You require minimal supervision, but understand the value of collaborating and knowledge-sharing.
  • Keeping a bird’s eye view. You’ve seen projects through from road-mapping to completion, knowing who else to loop in in the process.
  • Good working knowledge of the OWASP Top 10. You’re a super great teammate at hacker trivia night.

Bonus experience:

  • Note: if some of this tech is new to you, that's okay! We realise that not everyone has worked with this stack before and provide opportunities for learning as you go.
  • Developing software in any of these languages: Ruby on Rails, Go, Lua, Python, Javascript, MySQL
  • Building security features for applications running on public cloud: GCP, AWS, Azure

We know that looking for a new role can be both exciting and time-consuming, and we truly appreciate your effort. Krystle is an actual real live person (👋🏻) and is looking forward to learning more about you. Tell us why this is the role for you!

Job postings for similar
Position Specialty Location
Director of Production Security Trust and Security Ottawa, Canada
Senior Technical Security Analyst Trust and Security Ottawa, Canada
Security Incident Response Lead Trust and Security Ottawa, Canada
Software Engineer - Mobile Security Trust and Security Ottawa, Canada
Lead Software Engineer - Security Trust and Security Ottawa, Canada
Choose your own Security Engineering adventure Trust and Security Ottawa, Canada