Description

Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. We propel entrepreneurs and enterprises to scale the heights of their potential. Since 2006, we’ve grown to over 8,300 employees and generated over $1 trillion in sales for millions of merchants in 175 countries.

This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.

About the role

As a Security Incident Response Engineer, you’ll be leveraging your expertise in Shopify’s products, applications and infrastructure, along with your knowledge of our internal device security and identity management to investigate security alerts, build reports to assess impact, and respond to incidents that could ultimately lower the trust merchants place in Shopify.

What you’ll do

  • Own and Master our Detection and Response Platform: Take ownership of the SIEM and SOAR platform, integrating new data sources to enhance capabilities and expanding our detection coverage. Optimize parsers, detection rules, and playbooks to maximize value and efficiency, reducing toil and increasing response effectiveness. Monitor system health, and engage the vendor to leverage state-of-the-art features and to troubleshoot and resolve product defects.
  • Be Impactful in Incident Response Operations: Be the expert in the room when responding to security incidents, ensuring rapid containment and mitigation. Utilize all available tools and data sets and work closely with Product and Legal teams to quickly assess, mitigate and contain threats.
  • Lead Security Automation Projects: Build robust, automated workflows that minimize manual work, enabling the team to work fast and effectively during alert triage and incident handling. Initiate new projects, ship weekly, iterate and fast-fail as needed, and Get Shit Done.
  • Advocate for a Culture of Security at Shopify: Stay ahead of the latest changes in the threat landscape impacting Shopify and our merchants. Contextualize your vast cyber security knowledge for both technical and non-technical audiences through effective written and oral communications. Run tabletop exercises and post-incident reviews to identify gaps in our security posture, determine root cause and effect positive change.
  • Exemplify Constant Learning: Be obsessed with honing your craft as a security engineer by researching new technologies, performing threat hunts, and presenting your ideas with team members. Mentor team members through pair sessions and code reviews. Provide timely and actionable summaries for your manager and senior leadership.

What you bring to the team

  • Demonstrated proficiency in building and operating security incident response and security operations programs in a technical environment.
  • Familiarity working with senior stakeholders across the organization, both technical and non-technical, to develop roadmaps, integrate with larger company initiatives and deliver business and security value.
  • Experience being the lead technical responder or participating in large scale and complex incident response in a cloud-based or zero trust environment, leveraging strong analytical and data literacy skills to find the needle in the haystack.
  • Experience writing efficient detections and automations across a product-focused technical company such as Shopify, including corporate environments, core infrastructure, product code, and more.
  • A love of getting into the minds of bad actors, to see our attack surface as they do, in order to build proactive detections and close gaps before they can exploit them.
  • Enthusiasm for scalable, reproducible security management.
  • Self-motivated and creative problem-solver able to work independently with minimal guidance.
  • Strong ability to work collaboratively across teams during high-stress situations.
  • Ability to manage multiple competing priorities and use good judgment to establish order of priorities on the fly.
  • Deep knowledge of SIEM and SOAR solutions.
  • Deep knowledge of threat hunting, incident response, and incident management.
  • Deep knowledge of enterprise security controls in both cloud and on-premise environments, including IAM, RBAC and EDR.
  • Familiarity with application security and other security threats related to e-commerce.
  • Familiarity with standards such as ISO 27001/27002 or the NIST Cybersecurity Framework is desirable.