As a Staff Security Engineer focusing on Offensive Security, you’ll work cross-functionally with our engineering teams to build a comprehensive Offensive Security program.
Our Trust team works every day to create strong defenses that safeguard the trust that merchants place in our platform. As part of this team we need a creative, highly technical, passionate, and resourceful person to help us actively stress our defenses, with exceptional communication and interpersonal skills to drive real improvements from our work.
You’ll be responsible for designing and operating red team exercises, researching emerging threats, creating and improving offensive tooling, and collaborating to turn findings into better security.
You will:
- Design and execute exercises based on emerging threats
- Research and leverage novel attack techniques
- Automate and develop tooling for offensive security operations
- Generate clear and concise intelligence from offensive exercises
- Collaborate with other teams to enhance our defenses, detections and response
- Be accountable for the technical leadership of this workstream
- Provide technical mentorship to others on the team
- Be a constant learner, developing a deep understanding of technology across Shopify
- Demonstrate skills and experience in designing and executing red team scenarios
- Possess the technical expertise necessary to independently leverage exploits
- Use strong communication skills to effectively convey findings and discuss solutions
- Have the skills necessary (for example, proficiency in a scripting language) to develop effective tooling
- Quickly and effectively take initiatives from an idea, through executing and extracting value.
- Constantly looking for ways to elevate the team's capabilities through experience, skills, and mentorship.
It would be great if you had experience with some of:
- Mac OS endpoint security configuration and tooling
- Infrastructure security in cloud environments, such as GCP
- Corporate SaaS platforms such as Okta, Google, Github, or others
- Innovative and next generation social engineering techniques
- Developing or deploying security testing tools
- Common web application vulnerabilities such as XSS and CSRF
