CrawlJobs Logo
Shopify Logo Shopify · IT - Administration

Security Analyst, Bug Bounty

Canada · Job Posted March 01, 2026
Apply Position
Job Link Share

Job Description

We’re seeking an experienced Security Analyst to join Shopify’s security organization, focused on our Bug Bounty program operations. Shopify powers millions of merchants worldwide—which means a large and dynamic attack surface. You'll work at the intersection of external researchers, internal engineering, and AppSec, turning vulnerability reports into clear, actionable findings that protect Shopify and its merchants. This role is equal parts security analysis, operational excellence, and high-quality communication.

Job Responsibility

  • Bug bounty report triage quality and timeliness (meet SLOs, keep queues healthy, reduce rework)
  • Reproducing and validating reported security issues (prove exploitability, confirm impact, confirm affected assets, confirm fixes via retest/validation)
  • Writing clear, friendly, high-signal communication to external researchers while representing Shopify well
  • Maintaining meticulous internal documentation and context so issues can be routed and resolved efficiently
  • Using data to quantify performance and program health (queue state, SLOs, throughput, trend reporting)
  • Partnering with AppSec engineering when a report requires deeper engineering expertise
  • Detect, evaluate, and help address security threats to Shopify and its merchants
  • develop security controls and protocols
  • perform security audits
  • conduct vulnerability assessments and penetration tests
  • assist in the creation and implementation of security solutions
  • help mitigate compliance and regulatory risks
  • Solve problems quickly and follow (and improve) the team’s playbooks
  • Be meticulous in documentation and context capture (so others can pick up work without losing time)
  • Use data to investigate emerging risks/trends and translate them into repeatable solutions
  • Mentor teammates, raise the bar, and become the “go-to” expert in at least one area of the program (triage domain, vulnerability class, product area, tooling/workflows, etc.)

Requirements

  • Strong written communication skills
  • A track record of fast, high-quality problem solving, with good judgment around impact, severity, and next steps
  • Comfort operating in externally-facing workflows with security researchers, representing Shopify professionally and consistently
  • Operational discipline: you follow playbooks, improve them when they’re wrong or incomplete, and turn “institutional knowledge” into documentation
  • High attention to detail in notes, reproduction steps, evidence, and decision rationale
  • A data-informed mindset: you use metrics to quantify your throughput and quality, track trends, and help improve program health over time
  • A growth-and-multiplication approach: you mentor teammates, raise the bar, and develop deep expertise in at least one domain (vuln class, product area, triage workflow/tooling)
  • A strong sense of accountability: you take responsibility for the quality of your interactions and outcomes, and you’re ambitious about improving the security and experience we deliver
  • Strong working knowledge of web application security fundamentals (authn/authz, session management, injection, IDOR, SSRF, XSS, CSRF, access control, multi-tenant risk, etc.)
  • Demonstrated ability to reproduce vulnerability reports reliably and communicate impact precisely
  • Experience doing vulnerability assessment and/or penetration testing (professionally or in a structured program)
  • Strong judgment on severity/impact assessment and how to ask for additional info when needed
  • Comfortable working in operational queues and juggling multiple in-flight investigations without losing quality
Shopify - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Security Analyst, Bug Bounty

8 matching positions

Application Security Analyst

The Checkmarx Security Research group seeks an experienced, curious, detail-orie...
Location
Location
Portugal , Braga
Salary
Salary:
Not provided
checkmarx.com Logo
Checkmarx
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Passionate about security and keen on growing in the security field
  • 1-2 years of experience as an analyst or researcher
  • 1-2 years of experience in a similar role in the security field
  • Familiar with key AppSec concepts, such as understanding security concepts, vulnerabilities, and secure coding practices
  • Have a deep understanding of the OWASP Top 10
  • Experience with Python scripting/programming
  • Familiarity with both interpreted and compiled languages, and the ability to learn new programming languages and technologies independently
  • Basic experience in conducting security research, bug bounties, and Pentesting
  • Excellent writing and oral presentation skills in English
  • Customer-oriented mindset and driven by innovation
Job Responsibility
Job Responsibility
  • Analyze source code containing various security risks & vulnerabilities written in multiple languages/frameworks
  • Analyze results produced by Checkmark’s AST solutions that can include SAST, DAST, IaC, and other engines
  • Collaborate with other areas in the group, such as SCA and SCS
  • Supervise required technical components and collaborate with the required teams
  • Engage in proactive interactions with Product and R&D teams to align the security aspect of new features and product enhancements
  • Research ways to improve internal processes and promote relevant product features
  • Be at the forefront of the Application Security world: Discover and report Application Security trends. Suggest new ideas and write publications on new vulnerabilities and relevant topics
  • Develop Python scripts and tools for research purposes and automation
  • Leverage the latest technological trends for optimizing processes, including AI
What we offer
What we offer
  • Great work environment
  • professional development
  • challenging careers
  • competitive compensation
  • great work-life balance
  • great benefits and perks throughout the year
  • Fulltime
Read More
Arrow Right

Cyber Security Analyst

We are looking for a Lead Cybersecurity Analyst who can take ownership of the or...
Location
Location
Canada , Montréal
Salary
Salary:
Not provided
Farenexus
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in cloud and application security, with hands-on AWS production environments
  • Strong knowledge of Java (Spring/Spring Boot) and frontend security (Vue.js)
  • Solid understanding of MySQL security and data protection
  • Experience with risk assessment, vulnerability management, and incident response
  • Working knowledge of DPAs, BCP/DR, VAPT, and bug bounty programs
  • Relevant security or cloud certifications such as AWS Security Specialty, CISSP, CISM, or similar
  • Experience with containerized workloads and Kubernetes security
  • Familiarity with modern authentication and authorization approaches such as OAuth2 and OpenID Connect
  • Experience working in agile or Descopes environments
Job Responsibility
Job Responsibility
  • Define and maintain the organization’s security strategy, policies, standards, and architecture principles
  • Act as a security advisor to engineering, product, and leadership teams, ensuring alignment with business and regulatory requirements
  • Design and govern secure AWS architectures, including IAM, networking, and core AWS security services
  • Continuously assess cloud environments and drive remediation of security risks and misconfigurations
  • Lead application security reviews, threat modeling, and risk assessments for Java based backend services and Vue.js frontend applications
  • Embed security into the SDLC through secure coding practices, CI/CD security controls, and vulnerability management
  • Define and enforce data and database security controls, including encryption, access management, and auditing
  • Support compliance, audits, DPAs, BCDR planning, vulnerability assessments, and penetration testing activities
  • Lead incident response processes, security monitoring, and post-incident improvement initiatives
  • Collaborate with engineering and DevOps teams to promote a security-by-design culture and provide practical security guidance
What we offer
What we offer
  • Competitive compensation, benefits, and opportunities for growth
Read More
Arrow Right

Application Security Analyst

The Checkmarx Security Research group seeks an experienced, detail-oriented Appl...
Location
Location
Israel , Ramat Gan
Salary
Salary:
Not provided
checkmarx.com Logo
Checkmarx
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Passionate about security and keen on growing in the security field
  • 1-2 years of experience as an analyst
  • 1-2 years of experience in a similar role in the security field
  • Familiar with key AppSec concepts, such as understanding security concepts, vulnerabilities, and secure coding practices
  • Have a deep understanding of the OWASP Top 10
  • Experience with Python scripting/programming
  • Familiarity with both interpreted and compiled languages, and the ability to learn new programming languages and technologies independently
  • Basic experience in conducting security research, bug bounties, and Pentesting
  • Excellent writing and oral presentation skills in English
  • Ability to handle multiple requests and work in a fast-paced environment
Job Responsibility
Job Responsibility
  • Assist the SCA analysts in conducting vulnerability analysis of known open-source software vulnerabilities to identify affected libraries and other elements, such as the affected vulnerable code
  • Analyze code containing various security risks & vulnerabilities written in multiple languages/frameworks
  • Analyze results produced by Checkmark’s AST solutions that can include SAST, DAST, IaC, and other engines
  • Supervise the technical components and collaborate with the required teams
  • Engage in proactive interactions with Product and R&D teams to align the security aspect of new features and product enhancements
  • Research ways to improve internal processes and promote relevant Product features
  • Be at the forefront of the Application Security world: Discover and report Application Security trends. Suggest new ideas and write publications on new vulnerabilities and relevant topics
  • Develop Python scripts and tools for research purposes and automation
What we offer
What we offer
  • Great work environment
  • professional development
  • challenging careers
  • competitive compensation
  • great work-life balance
  • great benefits and perks throughout the year
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

The Security team at Zip is responsible for protecting the confidentiality and i...
Location
Location
United States , San Francisco
Salary
Salary:
160000.00 - 220000.00 USD / Year
ziphq.com Logo
Zip
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience writing production-quality code for security tooling and services
  • Strong written and verbal communication with internal and external stakeholders
  • A solid understanding of security risks and the ability to balance security with business requirements
  • Experience with web applications, APIs, and cloud environments. At Zip, our stack includes Python, React, GraphQL, Kubernetes, and AWS
Job Responsibility
Job Responsibility
  • Design and implement technical controls to eliminate or mitigate classes of security vulnerabilities
  • Support the development of secure products through design reviews, threat models, static/dynamic scans, and hands-on security assessments
  • Validate, triage, and coordinate security findings from bug bounty and third party pentests
  • Mentor security analysts and security champions on security best practices and techniques
What we offer
What we offer
  • Start-up equity
  • Full health, vision & dental coverage
  • Catered lunches & dinners for SF employees
  • Commuter benefit
  • Team building events & happy hours
  • Flexible PTO
  • Apple equipment plus home office budget
  • 401k plan
  • Fulltime
Read More
Arrow Right

Job Maps Management Specialist

Location
Location
Poland , Wrocław
Salary
Salary:
Not provided
amrest.eu Logo
AmRest
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum 1 years’ experience in a similar position
  • Communicative level of English
  • Excellent knowledge of MS Office
  • Diligence and attention to details
  • Ability to plan and manage work
  • Experience in working in an international environment.
Job Responsibility
Job Responsibility
  • Manage and maintain global Job Descriptions and Job Maps, ensuring accuracy, consistency, and alignment with the organization’s structure and business model
  • Apply and support global job mapping standards and methodology across brands, functions, and countries
  • Act as a partner and subject‑matter expert for HR teams and business stakeholders regarding Job Maps, role scopes, and job titles
  • Ensure alignment between Job Maps and the Global Job Titles Matrix, providing guidance on correct job title usage
  • Monitor the quality, completeness, and adoption of Job Maps
  • Maintain Job Descriptions and position data in HR systems (e.g. SyncPeople), ensuring data accuracy and regular updates
  • Support job architecture projects and rollouts and contribute to related communication and training materials.
What we offer
What we offer
  • Stable employment under an employment contract in a global organization
  • Annual bonus - up to 10% of gross annual earnings
  • Work in a hybrid / remote model
  • Personalized benefits package: discounts to our cafes and restaurants, private medical care, Multisport card and much more
  • A friendly atmosphere in an international and fast growing Team.
  • Fulltime
Read More
Arrow Right

Front Desk Coordinator

Front Desk Coordinator Are you an organized detail oriented with excellent commu...
Location
Location
United States of America , Saint Louis
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Previous experience in a receptionist or administrative support role preferred
  • Strong communication and customer service skills
  • Ability to multitask and prioritize in a fast-paced environment
  • Proficiency with office technology and Microsoft Office Suite
Job Responsibility
Job Responsibility
  • Greet visitors, clients, and team members with professionalism and warmth
  • Answer and route incoming calls
  • manage messages and inquiries
  • Maintain reception area and conference room schedules
  • Handle mail, deliveries, and office supply inventory
  • Assist with administrative tasks, data entry, and special projects
  • Collaborate with staff to support internal communication and workflow
What we offer
What we offer
  • Competitive compensation and benefits
  • Collaborative, welcoming work culture
  • Opportunities for skill development and career growth
  • Exposure to multiple departments and business operations
  • Medical, vision, dental, and life and disability insurance
  • 401(k) plan
  • Fulltime
Read More
Arrow Right

Sales and Customer Service Representative

A growing mid-size organization is seeking a results-driven Sales & Customer Ser...
Location
Location
United States of America , Morristown
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 1–3+ years of experience in sales, inside sales, or a sales-driven customer service role
  • Proven ability to meet or exceed sales targets
  • Strong communication and negotiation skills
  • Highly motivated, competitive, and results-oriented
  • Proficiency in Microsoft Office
  • CRM experience (Salesforce, HubSpot, etc.) preferred
  • Ability to multitask in a fast-paced, team-oriented environment
Job Responsibility
Job Responsibility
  • Proactively engage with prospective and existing customers to generate sales and meet revenue targets
  • Identify upsell and cross-sell opportunities to grow account value
  • Manage the full sales cycle, from initial outreach through order placement and follow-up
  • Build and maintain strong client relationships to drive repeat business and long-term partnerships
  • Handle customer inquiries, resolve issues, and ensure a positive customer experience
  • Process orders, prepare quotes, and provide product or service recommendations
  • Maintain accurate records of sales activity, pipeline, and client interactions within CRM systems
  • Track performance against sales goals and report on activity and results
What we offer
What we offer
  • medical
  • vision
  • dental
  • life and disability insurance
  • 401(k) plan
  • free online training
Read More
Arrow Right

Business Analyst

AvePoint is seeking a Business Analyst with enterprise software solutions experi...
Location
Location
Singapore , Singapore
Salary
Salary:
Not provided
avepoint.com Logo
AvePoint
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Background/experiences in relevant fields (Computer Science, Engineering, etc. preferred)
  • Professional experience with analyzing and documenting complex business processes, software development requirements, and taxonomies
  • Professional experience with requirements gathering and analysis
  • Experience producing and analyzing As-Is and To-Be documentation
  • Strong analytical and project management skills, including a thorough understanding of how to interpret customer business needs and translate them into application and operational requirements
  • Excellent communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts
  • Familiarity with MS Office Suite (Word, Excel, PowerPoint)
  • Ability to successfully engage in multiple initiatives simultaneously
Job Responsibility
Job Responsibility
  • Elicit requirements for software development
  • Document, analyze and evaluation requirements gathered
  • Work out deliverables such as Functional requirements (Business Requirements Document), Use Cases, GUI, Screen and Interface designs
  • Translate technical information into business language to ensure understanding of the requirements by both technical and non-technical audiences
  • Proactively communicate and collaborate with external and internal stakeholders to analyze information needs and functional requirements
  • Collaborate with developers and subject matter experts to establish the technical vision and analyze tradeoffs between usability and performance needs
  • Support the project manager and other team members in planning deliverables, scope, schedule, and other aspects of the project
Read More
Arrow Right