We’re looking for a...

Security Incident Response Lead

Job post summary
Specialty Trust and Security

About the role

Shopify has grown quickly in almost every metric imaginable. As a SaaS provider, we understand that online reputation is a critical asset; developing a solid online reputation takes a lot of hard work and determination. A company’s reputation comes not only from the products its people create, but from the safeguards in place around its data and the way it responds if bad things happen.

We are looking for someone to lead our Security Incident Response Team who understands the interplay between reputation and incident response and the tenacity to develop and implement Shopify’s strategy as we continue to scale. If you are someone willing to try new approaches, to build and foster relationships with folks in the anti-abuse community, and to continue building our incident response framework, please consider joining us.

Requirements for the role:

  • Familiar with detecting and managing security threats and technical abuse cases in a cloud-based environment
  • Experience responding to and mitigating threats once they have been detected
  • Clear communication, both with internal stakeholders and through externally-facing comms
  • Able to work in a high-stakes environment where things break
  • Extremely methodical and disciplined, yet thrive in dynamic environments
  • Comfortable working autonomously, and embrace our Default to Open culture
  • Experience as a team lead - you care for people as their lead, and focus on mentorship and continual growth

Bonus experience:

  • Interacting with various working groups (FIRST, FS-ISAC, M3AAWG, etc.)
  • Managing online reputation in a cloud-based or service provider environment
  • Supporting negotiations involving complex legal agreements with third party vendors


  • Developing a clear voice and communication strategy as part of our security incident response program
  • Building frameworks to coordinate response efforts across Shopify
  • Developing a program to improve Shopify’s online reputation
  • Establishing working relationships with vendors and security teams
  • Building a threat intel sharing relationship with vendors, security teams, and working groups
  • Coordinating red team exercises to test Shopify’s incident response framework

We know that looking for a new role can be both exciting and time-consuming, and we truly appreciate your effort. Krystle is an actual real live person (👋🏻) and is looking forward to learning more about you. Tell us why this is the role for you!

Job postings for similar
Position Specialty Location
Lead Software Engineer - Security Trust and Security Ottawa, Canada
Business Systems Developer Trust and Security Ottawa, Canada
Software Engineer - Mobile Security Trust and Security Ottawa, Canada