We’re looking for a...

Staff Security Developer, Shopify App Platform

Job post summary
Location
Specialty: Engineering and Development

About the role

Shopify is on a fast-moving mission to make the best products for merchants, buyers, and partners around the globe. A big piece of our success on this fast-moving mission is our partner ecosystem. Shopify’s Platform is a multi-disciplinary team that helps merchants succeed in commerce through solutions developed by our partners. In particular, 3rd Party Application Developers create impactful apps on top of Shopify APIs, libraries and SDKs that solve the merchant problems we don’t yet solve ourselves.

Shopify’s App Platform Core builds and maintains the horizontal infrastructure used by all API developers. This team also provides the controls, levers, services and tools to ensure fair access to all Application Developers. We also drive extensibility and provide capabilities that enable applications to integrate deeply and smoothly into Shopify’s various surface areas.  

We are looking for a Staff Developer to join our App Authentication and Authorization team, someone who can step up and be a technical leader with regard to security development.

This role is important to the business, as we need to ensure the security, reliability and sound architecture of our app authentication and authorization schemes. You'll also need to develop playbooks that distribute responsibility for handling common auth issues, promote a well-architected auth component and, over the long term, refactor it to be less coupled and less complex.

What You'll Work On

  • Liaise with the Trust organization at large, its principles and practices.
  • Keep abreast of prevailing and up-and-coming specifications/mechanisms for performing platform auth and set (and keep updated) a long-term vision.
  • Design and implement solutions that fill gaps in our auth framework. For example: allowing non-core apps to auth apps; disentangling “per-user” and “limited TTL” aspects of tokens; supporting app-specific user permissions.
  • Design processes and implement tooling that encourage internal and external app developers to follow the “principle of least privilege”.
  • Work with data/research to identify sources of platform data risk and lead cross-disciplinary efforts to address those risks.
  • Work with product/UX to implement non-standard auth ideas in safe and intuitive ways. For example: requesting merchant authorization just-in-time; permitting merchants to decline to authorize individual scopes requested by the app.

What You Bring

  • Proven history of experience with building and maintaining an OAuth flow, SSO products, or authentication-as-a-service.
  • An appreciation for all programming languages. You'll mostly use Ruby and Go here, but experience is not required.
  • Technical leadership. You are someone who can both make an impact technically, and focus on mentorship and continual growth of the team around you.
  • Thorough knowledge of app security issues. You’ve built a library in your mind of common issues, and continually learn more about new applications and issues.

At Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities.

Please get your application in by 3pm EST on Friday July 26th. We know that applying to a new role takes a lot of work and we truly value your time. We’re looking forward to reading your application!
