We’re looking for a...

Staff Security Developer, Shopify App Platform

Job post summary
Specialty: Engineering and Development

About the role

Shopify is on a fast-moving mission to make the best products for merchants, buyers, and partners around the globe. A big piece of our success on this fast-moving mission is our partner ecosystem. Shopify’s Platform is a multi-disciplinary team that helps merchants succeed in commerce through solutions developed by our partners. In particular, 3rd Party Application Developers create impactful apps on top of Shopify APIs, libraries and SDKs that solve the merchant problems we don’t yet solve ourselves.

Shopify’s App Platform Core builds and maintains the horizontal infrastructure used by all API developers. This team also provides the controls, levers, services and tools to ensure fair access to all Application Developers. We also drive extensibility and provide capabilities that enable applications to integrate deeply and smoothly into Shopify’s various surface areas.  

We are looking for a Staff Developer to join our App Authentication and Authorization team who can step up and be a technical leader with regard to security development.

This role is important to the business, as we need to ensure the security, reliability and sound architecture of our app authentication and authorization schemes. You'll also need to develop playbooks that distribute responsibility for handling common auth issues, promote a well-architected auth component, and (over the long term) refactor it to be less coupled and less complex.

What You'll Work On

  • Liaise with the Trust organization at large, its principles and practices.
  • Keep abreast of prevailing and up-and-coming specifications/mechanisms for performing platform auth and set (and keep updated) a long-term vision.
  • Design and implement solutions that fill gaps in our auth framework. For example: allowing non-core apps to auth apps; disentangling “per-user” and “limited TTL” aspects of tokens; supporting app-specific user permissions.
  • Design processes and implement tooling that encourages internal and external app developers to follow the “principle of least privilege”.
  • Work with data/research to identify sources of platform data risk and lead cross-disciplinary efforts to address those risks.
  • Work with product/UX to implement non-standard auth ideas in safe and intuitive ways. For example: requesting merchant authorization just-in-time; permitting merchants to decline to authorize individual scopes requested by the app.

What You Bring

  • Proven history of experience with building and maintaining an OAuth flow, SSO products, or authentication-as-a-service.
  • An appreciation for all programming languages. You'll mostly use Ruby and Go here, but experience in these languages is not required.
  • Technical leadership. You are someone who can both make an impact technically, and focus on mentorship and continual growth of the team around you.
  • Knowledge of app security issues. You’ve built a library in your mind of common issues, and continually learn more about new applications and issues.

We know that applying to a new role takes a lot of work and we truly value your time. We’re looking forward to reading your application!

This posting will close on Friday September 20 at 12pm EDT.

At Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities.
