CrawlJobs Logo
Shopify Logo Shopify · IT - Administration

Security Analyst, Bug Bounty

Canada · Job Posted March 01, 2026
Apply Position
Job Link Share

Job Description

We’re seeking an experienced Security Analyst to join Shopify’s security organization, focused on our Bug Bounty program operations. Shopify powers millions of merchants worldwide—which means a large and dynamic attack surface. You'll work at the intersection of external researchers, internal engineering, and AppSec, turning vulnerability reports into clear, actionable findings that protect Shopify and its merchants. This role is equal parts security analysis, operational excellence, and high-quality communication.

Job Responsibility

  • Bug bounty report triage quality and timeliness (meet SLOs, keep queues healthy, reduce rework)
  • Reproducing and validating reported security issues (prove exploitability, confirm impact, confirm affected assets, confirm fixes via retest/validation)
  • Writing clear, friendly, high-signal communication to external researchers while representing Shopify well
  • Maintaining meticulous internal documentation and context so issues can be routed and resolved efficiently
  • Using data to quantify performance and program health (queue state, SLOs, throughput, trend reporting)
  • Partnering with AppSec engineering when a report requires deeper engineering expertise
  • Detect, evaluate, and help address security threats to Shopify and its merchants
  • develop security controls and protocols
  • perform security audits
  • conduct vulnerability assessments and penetration tests
  • assist in the creation and implementation of security solutions
  • help mitigate compliance and regulatory risks
  • Solve problems quickly and follow (and improve) the team’s playbooks
  • Be meticulous in documentation and context capture (so others can pick up work without losing time)
  • Use data to investigate emerging risks/trends and translate them into repeatable solutions
  • Mentor teammates, raise the bar, and become the “go-to” expert in at least one area of the program (triage domain, vulnerability class, product area, tooling/workflows, etc.)

Requirements

  • Strong written communication skills
  • A track record of fast, high-quality problem solving, with good judgment around impact, severity, and next steps
  • Comfort operating in externally-facing workflows with security researchers, representing Shopify professionally and consistently
  • Operational discipline: you follow playbooks, improve them when they’re wrong or incomplete, and turn “institutional knowledge” into documentation
  • High attention to detail in notes, reproduction steps, evidence, and decision rationale
  • A data-informed mindset: you use metrics to quantify your throughput and quality, track trends, and help improve program health over time
  • A growth-and-multiplication approach: you mentor teammates, raise the bar, and develop deep expertise in at least one domain (vuln class, product area, triage workflow/tooling)
  • A strong sense of accountability: you take responsibility for the quality of your interactions and outcomes, and you’re ambitious about improving the security and experience we deliver
  • Strong working knowledge of web application security fundamentals (authn/authz, session management, injection, IDOR, SSRF, XSS, CSRF, access control, multi-tenant risk, etc.)
  • Demonstrated ability to reproduce vulnerability reports reliably and communicate impact precisely
  • Experience doing vulnerability assessment and/or penetration testing (professionally or in a structured program)
  • Strong judgment on severity/impact assessment and how to ask for additional info when needed
  • Comfortable working in operational queues and juggling multiple in-flight investigations without losing quality
Shopify - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Security Analyst, Bug Bounty

8 matching positions

Application Security Analyst

The Checkmarx Security Research group seeks an experienced, curious, detail-orie...
Location
Location
Portugal , Braga
Salary
Salary:
Not provided
checkmarx.com Logo
Checkmarx
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Passionate about security and keen on growing in the security field
  • 1-2 years of experience as an analyst or researcher
  • 1-2 years of experience in a similar role in the security field
  • Familiar with key AppSec concepts, such as understanding security concepts, vulnerabilities, and secure coding practices
  • Have a deep understanding of the OWASP Top 10
  • Experience with Python scripting/programming
  • Familiarity with both interpreted and compiled languages, and the ability to learn new programming languages and technologies independently
  • Basic experience in conducting security research, bug bounties, and Pentesting
  • Excellent writing and oral presentation skills in English
  • Customer-oriented mindset and driven by innovation
Job Responsibility
Job Responsibility
  • Analyze source code containing various security risks & vulnerabilities written in multiple languages/frameworks
  • Analyze results produced by Checkmark’s AST solutions that can include SAST, DAST, IaC, and other engines
  • Collaborate with other areas in the group, such as SCA and SCS
  • Supervise required technical components and collaborate with the required teams
  • Engage in proactive interactions with Product and R&D teams to align the security aspect of new features and product enhancements
  • Research ways to improve internal processes and promote relevant product features
  • Be at the forefront of the Application Security world: Discover and report Application Security trends. Suggest new ideas and write publications on new vulnerabilities and relevant topics
  • Develop Python scripts and tools for research purposes and automation
  • Leverage the latest technological trends for optimizing processes, including AI
What we offer
What we offer
  • Great work environment
  • professional development
  • challenging careers
  • competitive compensation
  • great work-life balance
  • great benefits and perks throughout the year
  • Fulltime
Read More
Arrow Right

Cyber Security Analyst

We are looking for a Lead Cybersecurity Analyst who can take ownership of the or...
Location
Location
Canada , Montréal
Salary
Salary:
Not provided
Farenexus
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in cloud and application security, with hands-on AWS production environments
  • Strong knowledge of Java (Spring/Spring Boot) and frontend security (Vue.js)
  • Solid understanding of MySQL security and data protection
  • Experience with risk assessment, vulnerability management, and incident response
  • Working knowledge of DPAs, BCP/DR, VAPT, and bug bounty programs
  • Relevant security or cloud certifications such as AWS Security Specialty, CISSP, CISM, or similar
  • Experience with containerized workloads and Kubernetes security
  • Familiarity with modern authentication and authorization approaches such as OAuth2 and OpenID Connect
  • Experience working in agile or Descopes environments
Job Responsibility
Job Responsibility
  • Define and maintain the organization’s security strategy, policies, standards, and architecture principles
  • Act as a security advisor to engineering, product, and leadership teams, ensuring alignment with business and regulatory requirements
  • Design and govern secure AWS architectures, including IAM, networking, and core AWS security services
  • Continuously assess cloud environments and drive remediation of security risks and misconfigurations
  • Lead application security reviews, threat modeling, and risk assessments for Java based backend services and Vue.js frontend applications
  • Embed security into the SDLC through secure coding practices, CI/CD security controls, and vulnerability management
  • Define and enforce data and database security controls, including encryption, access management, and auditing
  • Support compliance, audits, DPAs, BCDR planning, vulnerability assessments, and penetration testing activities
  • Lead incident response processes, security monitoring, and post-incident improvement initiatives
  • Collaborate with engineering and DevOps teams to promote a security-by-design culture and provide practical security guidance
What we offer
What we offer
  • Competitive compensation, benefits, and opportunities for growth
Read More
Arrow Right

Application Security Analyst

The Checkmarx Security Research group seeks an experienced, detail-oriented Appl...
Location
Location
Israel , Ramat Gan
Salary
Salary:
Not provided
checkmarx.com Logo
Checkmarx
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Passionate about security and keen on growing in the security field
  • 1-2 years of experience as an analyst
  • 1-2 years of experience in a similar role in the security field
  • Familiar with key AppSec concepts, such as understanding security concepts, vulnerabilities, and secure coding practices
  • Have a deep understanding of the OWASP Top 10
  • Experience with Python scripting/programming
  • Familiarity with both interpreted and compiled languages, and the ability to learn new programming languages and technologies independently
  • Basic experience in conducting security research, bug bounties, and Pentesting
  • Excellent writing and oral presentation skills in English
  • Ability to handle multiple requests and work in a fast-paced environment
Job Responsibility
Job Responsibility
  • Assist the SCA analysts in conducting vulnerability analysis of known open-source software vulnerabilities to identify affected libraries and other elements, such as the affected vulnerable code
  • Analyze code containing various security risks & vulnerabilities written in multiple languages/frameworks
  • Analyze results produced by Checkmark’s AST solutions that can include SAST, DAST, IaC, and other engines
  • Supervise the technical components and collaborate with the required teams
  • Engage in proactive interactions with Product and R&D teams to align the security aspect of new features and product enhancements
  • Research ways to improve internal processes and promote relevant Product features
  • Be at the forefront of the Application Security world: Discover and report Application Security trends. Suggest new ideas and write publications on new vulnerabilities and relevant topics
  • Develop Python scripts and tools for research purposes and automation
What we offer
What we offer
  • Great work environment
  • professional development
  • challenging careers
  • competitive compensation
  • great work-life balance
  • great benefits and perks throughout the year
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

The Security team at Zip is responsible for protecting the confidentiality and i...
Location
Location
United States , San Francisco
Salary
Salary:
160000.00 - 220000.00 USD / Year
ziphq.com Logo
Zip
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience writing production-quality code for security tooling and services
  • Strong written and verbal communication with internal and external stakeholders
  • A solid understanding of security risks and the ability to balance security with business requirements
  • Experience with web applications, APIs, and cloud environments. At Zip, our stack includes Python, React, GraphQL, Kubernetes, and AWS
Job Responsibility
Job Responsibility
  • Design and implement technical controls to eliminate or mitigate classes of security vulnerabilities
  • Support the development of secure products through design reviews, threat models, static/dynamic scans, and hands-on security assessments
  • Validate, triage, and coordinate security findings from bug bounty and third party pentests
  • Mentor security analysts and security champions on security best practices and techniques
What we offer
What we offer
  • Start-up equity
  • Full health, vision & dental coverage
  • Catered lunches & dinners for SF employees
  • Commuter benefit
  • Team building events & happy hours
  • Flexible PTO
  • Apple equipment plus home office budget
  • 401k plan
  • Fulltime
Read More
Arrow Right

Resident Assistant

If you’re looking for a job that goes beyond the basics to deliver purpose and j...
Location
Location
United States of America , Hillsboro
Salary
Salary:
18.00 - 20.00 USD / Hour
leisurecare.com Logo
Leisure Care
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Demonstrated experience in a caregiving role
  • Current CNA a plus!
Job Responsibility
Job Responsibility
  • Assists resident with activities of daily living (ADL's) and all personal care skills (bathing, dressing, grooming, toileting)
  • Makes appropriate observations about the resident’s condition in every interaction
  • Records and follows-up with changes in resident’s condition in a timely manner
  • Assists residents with laundry and housekeeping services as needed
What we offer
What we offer
  • Medical, Dental and Vision
  • Early Wage Access (access to earned wages when needed!)
  • 401k
  • 10 days vacation & 1 hour Sick Leave earned for every 30 hours worked
  • Bereavement & Jury Duty Leave
  • 6 Holidays
  • 2 Float Holidays
  • Flexible Spending Accounts (Health and Dependent Care)
  • Meal Discounts
  • Tuition Assistance
  • Fulltime
Read More
Arrow Right

Traffic Management CAD Technician

FM Conway is currently recruiting a Traffic Management CAD Technician to join ou...
Location
Location
United Kingdom , Ipswich
Salary
Salary:
Not provided
jobs.360resourcing.co.uk Logo
360 Resourcing Solutions
Expiration Date
July 04, 2026
Flip Icon
Requirements
Requirements
  • Strong knowledge of Traffic Management operations
  • experience using CAD, BricsCAD and Cone 11 software
  • ability to read and translate blueprints and technical drawings
  • ability to work well under pressure, prioritise tasks effectively and have excellent attention to detail
  • M7 Lantra qualification is highly desirable, but not essential
Job Responsibility
Job Responsibility
  • Working within a team of Traffic Management development designers and Project Engineers to ensure that drawings are to a high and legal standard
  • Producing clear drawings, signage placement layouts and diversion route strategies
  • Developing safe and efficient traffic management plans for work sites and road network
  • Carrying out on site assessments as required
  • Designing sites in accordance with Chapter 8 TSM
  • Engaging with Project Teams & Engineers to respond effectively to working methods that require traffic Management designs that conform to a legal standard
What we offer
What we offer
  • Career and professional development
  • 23 days holiday plus bank holidays
  • Life assurance
  • Opportunities for internal and external training
  • Access to a wide range of shopping discounts through Rewarding Great People platform
  • Health and well-being benefits including 24-hour advice lines
  • Support from in-house mental health first aiders
  • Fulltime
Read More
Arrow Right

Registered Nurse, CVOR

Baptist Downtown is hiring a Registered Nurse for our Cardiovascular Operating R...
Location
Location
United States , Jacksonville
Salary
Salary:
Not provided
baptistjax.com Logo
Baptist Health (Florida)
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 1-2 years Operating Room Nursing Experience Required
  • Basic Life Support (BLS) Required
  • Advanced Cardiac Life Support (ACLS) Required
  • Licensed Registered Nurse Required
  • Associate of Science, Nursing
  • Registered Nurse (RN) - State Nursing Boards
  • Driver's License - DMV
  • Basic Life Support (BLS) - AHA
  • Advanced Cardiac Life Support (ACLS) - AHA
Job Responsibility
Job Responsibility
  • Providing for patient needs as recognized through use of the nursing process
  • Supervision of care provided by supportive personnel and coordination of care provided by ancillary services
  • Including patients and significant others (SO)/families in developing an individualized plan of care
  • Education of patients/SO/families to their disease process and plan of care
  • Coordinating and preparing assigned operating room/case
  • Assessment of patient care needs and the anticipation of needs of the case
  • Circulating, scrubbing, assisting on Cardiothoracic and vascular procedures
  • Fulltime
Read More
Arrow Right

Pediatric Occupational Therapist

Wolfson Children's Hospital Rehab Services is hiring a Pediatric Occupational Th...
Location
Location
United States , Jacksonville
Salary
Salary:
Not provided
baptistjax.com Logo
Baptist Health (Florida)
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree (or higher) in Occupational Therapy Required
  • Licensed Occupational Therapist from FL Department of Health Required
  • Basic Life Support (BLS) certification from the American Heart Association Required
  • Pediatric Occupational Therapy in the outpatient setting is strongly preferred
Job Responsibility
Job Responsibility
  • Evaluates and treats patients with developmental, neurological, orthopedic, and medical diagnoses
  • Extensive patient/family education
  • Works with multidisciplinary team care
What we offer
What we offer
  • $1,000 Sign on Bonus
Read More
Arrow Right