About the role
Shopify employees make commerce better for our 600,000K+ merchants every day. This includes ensuring every aspect of Shopify is secure, from storefront to the Admin panel to our mobile applications. Business happens wherever our merchants happen to be - folks no longer find themselves tethered to any particular device and all our applications require the same level of care.
If you're an application security engineer who dives deep on mobile-specific security OR a mobile developer who is constantly seeking ways to make your code more secure, we'd love to hear from you! There's a huge diversity of work to be done on the team, from helping identify and respond to application vulnerabilities to developing tools to integrate security into our mobile development process.
Requirements for the role:
- Mobile development experience. You’ve built native mobile applications for either iOS or Android (or both!)
- A collaborative approach to security. You understand that developers are building great products and want to help make those products can be even better
- An eye for edge cases. You see potential vulnerabilities when reviewing mobile application architecture and design roadmaps and offer detailed suggestions to secure them
- Thorough knowledge of mobile security issues. You’ve built a library in your mind of common issues, and continually learn more about new applications and issues
- Inherent creativity and curiosity. You don’t believe in forcing a new problem into an old solution, and want to find creative ways to include security in the software development process
- Web application development, especially with Ruby on Rails
- Contributing to open source security projects
- Work with bug bounty programs (like our program, for instance: https://hackerone.com/shopify)
- Performing security audits of internally-developed apps
- Responding to vulnerabilities disclosed through our bug bounty program
- Providing security advice to our Retail product teams
- Developing tools to help scale the mobile security assessment process
We know that looking for a new role can be both exciting and time-consuming, and we truly appreciate your effort. Krystle is an actual real live person (👋🏻) and is looking forward to learning more about you and your interest in joining our team.