Infrastructure Security Engineer

at

Shopify

Company Description

At Shopify, our business operations run in the cloud and we have a diverse landscape of scalable SaaS-based applications, complemented by custom developed applications. As Shopify continues to grow, we need to scale our operations quickly. Building and constantly evolving the integration of our business systems is an essential part of scaling our business, generating leverage, and getting more efficient at operating the business.

Job Description

Securing infrastructure is a core part of engineering at Shopify. The Infrastructure Security team cares deeply about securing and supporting our production environments, and about removing the toil associated with this sort of work. We’ve seen the focus of our work change over the years as Shopify’s infrastructure scales and changes.

As an Infrastructure Security Engineer for this team, your focus will be building security at Shopify. You will have influence and will contribute to the overall strategy of our Infrastructure Security team, leading the designing and building out of security for merchants globally. It isn’t easy, but that’s one of the reasons we find it particularly rewarding. We’re building out some of the most innovative cloud platform security around (we’d love to tell you more!) Our scale is massive - Shopify powers over 1 million merchants in over 175 countries worldwide. We always approach our work from a place of empathy and enablement to Shopify’s ambitions. 

Sounds like the place for you? Read on and we’d love to hear from you!

We know securing all infrastructure is a lot to ask, and you don't need to have deep experience in all of the technologies we use to apply. We’ve mapped out some of the different paths you could have taken to get where you are today. 

If your background is more aligned with infrastructure, architecture, or operations work, we’re looking for experience like:

  • Strong systems administration (you’re able to talk about the differences between virtual machines, Docker and Linux containers)

  • Building a robust monitoring, logging, and alert management systems

  • Architecting and building solutions for problems such as: least-privilege permissions management and secrets management 

  • Securing containerized applications using technologies such as Docker, Kubernetes, and Terraform. 

​​​​

If your background is more aligned with software development, building out tooling, and automation, we’re looking for experience like:

  • Strong programming foundations (we use a lot of Ruby and Go, but we believe that good programmers can work in any language, even Bash)

  • Building and rolling out tooling to help developers deploy secure software with the least friction possible..

Regardless of the path you took to get here, some key things apply across the board!

Qualifications

Requirements for the role:

  • Desire and interest in security

  • Great problem solving skills. You like a good puzzle, and aren't too attached to any given solution

  • Long-term architectural thinking. You can simultaneously keep the desired end-state in mind, while optimising current processes and practices as we move toward that goal

  • Enthusiasm for remote collaboration

Bonus experience:

  • Systems security-related hobbies. You’ve played CTFs/war games or solved similar security puzzles. You know what binary exploitations are, how shell injections work, and how to secure a system. You might not have time to participate in these activities now, but you certainly enjoyed them in the past

  • A love of all things Security Operations. Complex systems and software are where your brain thrives. You excel at finding and fixing security concerns and weaknesses in them

  • Intimate understanding of logs and their usefulness. You know that the information is there, and you always want to make it more discoverable (e.g. building useable alerting and reporting pipelines)

  • Experience with any of the following: Kubernetes, Terraform, Vulnerability and Patch Management, Identity and Access Management, Incident Handling and Response

  • Contributing to the open source community (e.g. kubeaudit, voucher, krane)

Our Technology stack:

  • Falco: A cloud native Intrusion Detection System that gives us full visibility into what our workloads are doing.

  • Google Cloud: Infrastructure as a Service so we can focus on our apps instead of computer hardware.

  • Kubernetes: Shopify runs on Kubernetes. This provides many advantages like security constraints, auto-scaling, fault tolerance, and much more.

  • Terraform: Declarative configuration for all of our infrastructure.

Additional Information

Check out what’s been keeping the team busy:

Securing the Software Supply Chain

COUNTERMEASURE 2017: Infrastructure Security 2.0

Securing Shopify's PaaS on GKE

Keyless Entry: Securely Access GCP Services From Kubernetes 

Intro to Falco: Intrusion Detection for Containers

 

If you want to help Shopify shape the future of commerce, hit the “Apply now” button to submit your application. We know that applying to a new role takes a lot of work and we truly value your time. We are looking forward to reading your application!

Shopify is now permanently remote and working towards a future that is digital by design. Learn more about what this can mean for you.

At Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities.

 

Apply for this job

Click on apply will take you to the actual job site or will open email app.

Click above box to copy link
Copied
Get exclusive remote work stories and fresh remote jobs, weekly 👇
View all remote jobs
Onkar By: Onkar