Internal Security Lead

We’re looking for an experienced IT security professional to join our Internal Security Team here at Shopify. This team is one of six security related trust domains we’ve identified and now with our increasing distributed workforce we need your help to launch it.

The Internal Security Team’s primary responsibility is to help retain Shopify’s default to open culture while ensuring responsible user activity, data access, and remaining empathetic to user’s use cases. The Internal Security Team is designed not to limit or prevent access to our corporate systems, but to embody and enable Shopify’s culture and values.

You’ll be responsible for the direction, vision, and output of the team while maintaining a robust and efficient security posture. The policies and processes you drive will become the wheelhouse of Internal Security operations within Shopify. You will be responsible for ensuring Shopify's security interests are a primary consideration during third-party negotiations and new technology evaluation processes.

If you want to get an idea of the positions you’ll be managing, check out our Internal Security Analyst and Internal Security Engineer positions!

You’ll need to have:

  • Exemplary communication skills, both internally and externally over various mediums
  • Experience analyzing contracts and service level agreements
  • Team development/recruiting skills
  • Great time management
  • Management experience

It’d be great if you have experience with:

  • Metrics, both positive and negative
  • SIEM and logging solutions (splunk, syslog, kafka) and their complications such as data privacy and PII
  • Designing and implementing access control policies across an organization
  • OS X deployment strategies
  • Security best practices
  • MDM/BYOD policies
  • Encryption technologies and VPNs

You’ll be working on things like:

  • Reviewing, generating and responding to questionnaires and contracts from vendors and service providers
  • Managing security incidents
  • Representing the interests of the security team in contract negotiations
  • Getting lost in log correlation while responding to a security incident
  • Reviewing security audits of key service providers
  • Educating and speaking with members of the company about security related practices or incidents

Here’s how to apply:

If you’re interested in helping us shape the future of commerce, click the “Apply now” button to submit your application. Please address your cover letter to Andrew Dunbar.

Just because you don’t fit 100% of the criteria in our “needs”, apply anyway! We’d rather have someone who is passionate and willing to grow than someone who thinks they know it all. We are dedicated to diversity and providing an inclusive workplace for all and especially encourage members of underrepresented groups to apply.

Back to top