Application Security Engineer

Developers around the world extend Shopify's capabilities by building applications using our APIs. We want those applications to meet the same high security standard as the rest of the Shopify ecosystem. And we want to give application developers the tools and advice they need to make securing their applications as straightforward as possible. We are looking for an application security specialist who will identify and respond to vulnerabilities in applications, and partner with developers to help them build security into their apps.

You'll need to have:

  • Experience testing web applications for security issues such as XSS, CSRF, and insecure direct object references
  • The ability to explain security issues to developers
  • An interest in finding creative ways to make it easy for developers to secure their apps

It'd be great if you have experience with:

  • Developing security testing tools
  • Web development using frameworks like Ruby on Rails
  • The OAuth 2.0 authorization framework
  • Bug bounty programs such as the Shopify Whitehat program (

You'll be working on things like:

  • Testing applications for security vulnerabilities
  • Advising developers on the best ways to secure their applications
  • Working with developers to resolve vulnerabilities
  • Creating tools to improve the application evaluation process and help developers perform their own testing

Here's how to apply:

If you’re interested in helping us shape the future of commerce, click the “Apply now” button to submit your application. Please address your cover letter to Andrew Dunbar.

Experience comes in many forms, many skills are transferable, and passion goes a long way. If your background is this close to what we’re looking for, please consider applying, even if you aren’t able to check every box above. We are dedicated to diversity and providing an inclusive workplace for all and especially encourage members of underrepresented groups to apply. 

Back to top