CrawlJobs Logo

Security Analyst, Bug Bounty

shopify.com Logo

Shopify

Location Icon

Location:
Canada

Category Icon
Category:
IT - Administration

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

Not provided
Save Job
Save Icon
Apply Position

Job Description:

We’re seeking an experienced Security Analyst to join Shopify’s security organization, focused on our Bug Bounty program operations. Shopify powers millions of merchants worldwide—which means a large and dynamic attack surface. You'll work at the intersection of external researchers, internal engineering, and AppSec, turning vulnerability reports into clear, actionable findings that protect Shopify and its merchants. This role is equal parts security analysis, operational excellence, and high-quality communication.

Job Responsibility:

  • Bug bounty report triage quality and timeliness (meet SLOs, keep queues healthy, reduce rework)
  • Reproducing and validating reported security issues (prove exploitability, confirm impact, confirm affected assets, confirm fixes via retest/validation)
  • Writing clear, friendly, high-signal communication to external researchers while representing Shopify well
  • Maintaining meticulous internal documentation and context so issues can be routed and resolved efficiently
  • Using data to quantify performance and program health (queue state, SLOs, throughput, trend reporting)
  • Partnering with AppSec engineering when a report requires deeper engineering expertise
  • Detect, evaluate, and help address security threats to Shopify and its merchants
  • develop security controls and protocols
  • perform security audits
  • conduct vulnerability assessments and penetration tests
  • assist in the creation and implementation of security solutions
  • help mitigate compliance and regulatory risks
  • Solve problems quickly and follow (and improve) the team’s playbooks
  • Be meticulous in documentation and context capture (so others can pick up work without losing time)
  • Use data to investigate emerging risks/trends and translate them into repeatable solutions
  • Mentor teammates, raise the bar, and become the “go-to” expert in at least one area of the program (triage domain, vulnerability class, product area, tooling/workflows, etc.)

Requirements:

  • Strong written communication skills
  • A track record of fast, high-quality problem solving, with good judgment around impact, severity, and next steps
  • Comfort operating in externally-facing workflows with security researchers, representing Shopify professionally and consistently
  • Operational discipline: you follow playbooks, improve them when they’re wrong or incomplete, and turn “institutional knowledge” into documentation
  • High attention to detail in notes, reproduction steps, evidence, and decision rationale
  • A data-informed mindset: you use metrics to quantify your throughput and quality, track trends, and help improve program health over time
  • A growth-and-multiplication approach: you mentor teammates, raise the bar, and develop deep expertise in at least one domain (vuln class, product area, triage workflow/tooling)
  • A strong sense of accountability: you take responsibility for the quality of your interactions and outcomes, and you’re ambitious about improving the security and experience we deliver
  • Strong working knowledge of web application security fundamentals (authn/authz, session management, injection, IDOR, SSRF, XSS, CSRF, access control, multi-tenant risk, etc.)
  • Demonstrated ability to reproduce vulnerability reports reliably and communicate impact precisely
  • Experience doing vulnerability assessment and/or penetration testing (professionally or in a structured program)
  • Strong judgment on severity/impact assessment and how to ask for additional info when needed
  • Comfortable working in operational queues and juggling multiple in-flight investigations without losing quality

Additional Information:

Job Posted:
March 01, 2026

Work Type:
Remote work
Icon
Shopify - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Security Analyst, Bug Bounty

Application Security Analyst

The Checkmarx Security Research group seeks an experienced, detail-oriented Appl...
Location
Location
Israel , Ramat Gan
Salary
Salary:
Not provided
checkmarx.com Logo
Checkmarx
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Passionate about security and keen on growing in the security field
  • 1-2 years of experience as an analyst
  • 1-2 years of experience in a similar role in the security field
  • Familiar with key AppSec concepts, such as understanding security concepts, vulnerabilities, and secure coding practices
  • Have a deep understanding of the OWASP Top 10
  • Experience with Python scripting/programming
  • Familiarity with both interpreted and compiled languages, and the ability to learn new programming languages and technologies independently
  • Basic experience in conducting security research, bug bounties, and Pentesting
  • Excellent writing and oral presentation skills in English
  • Ability to handle multiple requests and work in a fast-paced environment
Job Responsibility
Job Responsibility
  • Assist the SCA analysts in conducting vulnerability analysis of known open-source software vulnerabilities to identify affected libraries and other elements, such as the affected vulnerable code
  • Analyze code containing various security risks & vulnerabilities written in multiple languages/frameworks
  • Analyze results produced by Checkmark’s AST solutions that can include SAST, DAST, IaC, and other engines
  • Supervise the technical components and collaborate with the required teams
  • Engage in proactive interactions with Product and R&D teams to align the security aspect of new features and product enhancements
  • Research ways to improve internal processes and promote relevant Product features
  • Be at the forefront of the Application Security world: Discover and report Application Security trends. Suggest new ideas and write publications on new vulnerabilities and relevant topics
  • Develop Python scripts and tools for research purposes and automation
What we offer
What we offer
  • Great work environment
  • professional development
  • challenging careers
  • competitive compensation
  • great work-life balance
  • great benefits and perks throughout the year
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

The Security team at Zip is responsible for protecting the confidentiality and i...
Location
Location
United States , San Francisco
Salary
Salary:
160000.00 - 220000.00 USD / Year
ziphq.com Logo
Zip
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience writing production-quality code for security tooling and services
  • Strong written and verbal communication with internal and external stakeholders
  • A solid understanding of security risks and the ability to balance security with business requirements
  • Experience with web applications, APIs, and cloud environments. At Zip, our stack includes Python, React, GraphQL, Kubernetes, and AWS
Job Responsibility
Job Responsibility
  • Design and implement technical controls to eliminate or mitigate classes of security vulnerabilities
  • Support the development of secure products through design reviews, threat models, static/dynamic scans, and hands-on security assessments
  • Validate, triage, and coordinate security findings from bug bounty and third party pentests
  • Mentor security analysts and security champions on security best practices and techniques
What we offer
What we offer
  • Start-up equity
  • Full health, vision & dental coverage
  • Catered lunches & dinners for SF employees
  • Commuter benefit
  • Team building events & happy hours
  • Flexible PTO
  • Apple equipment plus home office budget
  • 401k plan
  • Fulltime
Read More
Arrow Right

Application Security Analyst

The Checkmarx Security Research group seeks an experienced, curious, detail-orie...
Location
Location
Portugal , Braga
Salary
Salary:
Not provided
checkmarx.com Logo
Checkmarx
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Passionate about security and keen on growing in the security field
  • 1-2 years of experience as an analyst or researcher
  • 1-2 years of experience in a similar role in the security field
  • Familiar with key AppSec concepts, such as understanding security concepts, vulnerabilities, and secure coding practices
  • Have a deep understanding of the OWASP Top 10
  • Experience with Python scripting/programming
  • Familiarity with both interpreted and compiled languages, and the ability to learn new programming languages and technologies independently
  • Basic experience in conducting security research, bug bounties, and Pentesting
  • Excellent writing and oral presentation skills in English
  • Customer-oriented mindset and driven by innovation
Job Responsibility
Job Responsibility
  • Analyze source code containing various security risks & vulnerabilities written in multiple languages/frameworks
  • Analyze results produced by Checkmark’s AST solutions that can include SAST, DAST, IaC, and other engines
  • Collaborate with other areas in the group, such as SCA and SCS
  • Supervise required technical components and collaborate with the required teams
  • Engage in proactive interactions with Product and R&D teams to align the security aspect of new features and product enhancements
  • Research ways to improve internal processes and promote relevant product features
  • Be at the forefront of the Application Security world: Discover and report Application Security trends. Suggest new ideas and write publications on new vulnerabilities and relevant topics
  • Develop Python scripts and tools for research purposes and automation
  • Leverage the latest technological trends for optimizing processes, including AI
What we offer
What we offer
  • Great work environment
  • professional development
  • challenging careers
  • competitive compensation
  • great work-life balance
  • great benefits and perks throughout the year
  • Fulltime
Read More
Arrow Right

Cyber Security Analyst

We are looking for a Lead Cybersecurity Analyst who can take ownership of the or...
Location
Location
Canada , Montréal
Salary
Salary:
Not provided
Farenexus
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in cloud and application security, with hands-on AWS production environments
  • Strong knowledge of Java (Spring/Spring Boot) and frontend security (Vue.js)
  • Solid understanding of MySQL security and data protection
  • Experience with risk assessment, vulnerability management, and incident response
  • Working knowledge of DPAs, BCP/DR, VAPT, and bug bounty programs
  • Relevant security or cloud certifications such as AWS Security Specialty, CISSP, CISM, or similar
  • Experience with containerized workloads and Kubernetes security
  • Familiarity with modern authentication and authorization approaches such as OAuth2 and OpenID Connect
  • Experience working in agile or Descopes environments
Job Responsibility
Job Responsibility
  • Define and maintain the organization’s security strategy, policies, standards, and architecture principles
  • Act as a security advisor to engineering, product, and leadership teams, ensuring alignment with business and regulatory requirements
  • Design and govern secure AWS architectures, including IAM, networking, and core AWS security services
  • Continuously assess cloud environments and drive remediation of security risks and misconfigurations
  • Lead application security reviews, threat modeling, and risk assessments for Java based backend services and Vue.js frontend applications
  • Embed security into the SDLC through secure coding practices, CI/CD security controls, and vulnerability management
  • Define and enforce data and database security controls, including encryption, access management, and auditing
  • Support compliance, audits, DPAs, BCDR planning, vulnerability assessments, and penetration testing activities
  • Lead incident response processes, security monitoring, and post-incident improvement initiatives
  • Collaborate with engineering and DevOps teams to promote a security-by-design culture and provide practical security guidance
What we offer
What we offer
  • Competitive compensation, benefits, and opportunities for growth
Read More
Arrow Right
New

HR Assistant

Robert Half is seeking HR Assistants for their clients in the Eugene area. This ...
Location
Location
United States , Eugene
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proven experience as an HR assistant or in a related human resources/administrative position
  • Proficiency in MS Office
  • Strong interpersonal and communication skills
  • Detail-oriented, with excellent problem-solving skills.
Job Responsibility
Job Responsibility
  • Support the HR Department's recruitment process by posting job ads, screening resumes, scheduling interviews, and facilitating the onboarding process for new hires
  • Help maintain and manage the company's HR database and employee records
  • Provide administrative support to the HR team, including scheduling meetings, recording minutes, and preparing reports
  • Process employee requests and provide relevant information
  • Coordinate HR projects, meetings, and training seminars
  • Assist in the organization of company events as needed.
What we offer
What we offer
  • Medical, vision, dental, and life and disability insurance
  • 401(k) plan
  • Free online training
  • Access to top jobs
  • Competitive compensation
Read More
Arrow Right
New

Driver

StarTrack are looking for a Light Rigid and MR driver to join our StarTrack Faci...
Location
Location
Australia , Norman Gardens
Salary
Salary:
Not provided
auspost.com.au Logo
Australia Post
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Manual transmission experience. LR and MR unrestricted licence preferred
  • To use scanners (training available)
  • Strong fitness level to be comfortable loading your van, jumping in and out of your truck all day and unloading at each drop
  • Ability to lift from 1kg to 30kg – we assess this at a medical check before you start to ensure you’re safe on the job
  • To be safety focused and understand the importance of chain of responsibility
  • Have a customer service mindset with effective communication skills
  • Good planning and organisational skills and basic numerical skills.
Job Responsibility
Job Responsibility
  • Completing your daily safety check
  • Scanning and manually packing loose loads into your truck
  • Interacting with customers throughout the day
What we offer
What we offer
  • Work life balance – work Monday to Friday
  • Onsite parking
  • Weekly pay
  • Uniform
  • Post Perks with a large array of offers and discounts
  • On the job training
  • Opportunities for career development
  • Fulltime
Read More
Arrow Right
New

Project Superintendent (Construction)

We are a team of engineers, managers, and builders. We are down to earth and sta...
Location
Location
United States , Fort Myers
Salary
Salary:
Not provided
cecoconcrete.com Logo
Ceco Concrete Construction, LLC
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 2 years' experience supporting similar key position responsibilities at meeting or exceeding performance expectations
  • Excellent communication and interpersonal skills with the ability to communicate effectively with all levels of the organization, as well as with customers and subcontractors
  • Detail oriented with the ability to efficiently analyze and organize significant amounts of information regarding jobsite productivities, quality procedures and safety initiatives
  • Proficient with Microsoft Office Suite (Word, Excel, Project and Outlook)
  • Knowledgeable of safety and relevant OSHA requirements and regulations
  • Ability to travel and work for extended period of time on projects outside of office area
Job Responsibility
Job Responsibility
  • Assures achievement of productivity, quality and safety objectives
  • Supervises hiring, training, job assignment, promotion, transfers, layoffs and terminations for field personnel in accordance with company equal employment opportunity guidelines
  • Manages personnel development and activities to maximize efficiency of workforce
  • Assists the project team in establishing the sequential steps involved in all processes with the scope of the project, and adapts schedules and work tasks accordingly
  • Troubleshoots and resolves concerns regarding constructability with project team
  • Develops and maintains customer relationships to enhance company's ability to procure future projects
  • Assists with the development and coordination of material and equipment schedules and promotes their efficient use
  • Performs special projects and completes all other duties as assigned or requested for the general support of the organization
What we offer
What we offer
  • Inclusive Medical, Dental, Vision, Accident, and Illness insurance
  • Company paid Disability and Life insurance
  • Health Savings Account contribution of up to $1,000 per year
  • 401(k) retirement savings program with a company match
  • Employee Assistance Program including discounts with major vendors & products
  • Mental and physical wellness programs
  • Competitive time off package including vacation, sick, and holiday pay
  • A flexible work schedule maintaining work-life balance
  • Career advancement opportunities with a stable well-established organization
  • Tuition reimbursement program and access to LinkedIn Learning courses
  • Fulltime
Read More
Arrow Right
New

Retail Customer Service Officer

Help us deliver like never before Australia Post is delivering like never before...
Location
Location
Australia , Byron Bay
Salary
Salary:
35.01 - 37.42 AUD / Hour
auspost.com.au Logo
Australia Post
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Friendly, enthusiastic and reliable and love working in a team environment
  • Ready to put the customer at the centre of everything you do to help make a difference in the community
  • Have experience in customer service and/or cash handling
  • Be fit to lift up to 16kgs of mail regularly and stand for your shift.
Job Responsibility
Job Responsibility
  • Performing customer sales and service transactions with customers
  • Managing high value transactions accurately (handling and processing cash, cheques, credit cards and EFTPOS)
  • Conducting and processing a number of identity services transactions, including Australian Passport Interviews
  • Promoting our products and services through up-selling and cross-selling, merchandising and other promotional activities
  • Assisting customers with mail lodgements and associate costs
  • Building rewarding relationships with customers by understanding their needs
  • Assisting with administrative duties such as stocktaking and record maintenance.
What we offer
What we offer
  • 12 Weeks on the job paid training, Monday to Friday, 25 hours per week, various shifts
  • 12% Superannuation
  • Post Perks
  • Inclusive and barrier-free recruitment process
  • Career development opportunities
  • Parttime
Read More
Arrow Right