CrawlJobs Logo
Shopify Logo Shopify · IT - Administration

Security Analyst, Bug Bounty

Canada · Job Posted March 01, 2026
Apply Position
Job Link Share

Job Description

We’re seeking an experienced Security Analyst to join Shopify’s security organization, focused on our Bug Bounty program operations. Shopify powers millions of merchants worldwide—which means a large and dynamic attack surface. You'll work at the intersection of external researchers, internal engineering, and AppSec, turning vulnerability reports into clear, actionable findings that protect Shopify and its merchants. This role is equal parts security analysis, operational excellence, and high-quality communication.

Job Responsibility

  • Bug bounty report triage quality and timeliness (meet SLOs, keep queues healthy, reduce rework)
  • Reproducing and validating reported security issues (prove exploitability, confirm impact, confirm affected assets, confirm fixes via retest/validation)
  • Writing clear, friendly, high-signal communication to external researchers while representing Shopify well
  • Maintaining meticulous internal documentation and context so issues can be routed and resolved efficiently
  • Using data to quantify performance and program health (queue state, SLOs, throughput, trend reporting)
  • Partnering with AppSec engineering when a report requires deeper engineering expertise
  • Detect, evaluate, and help address security threats to Shopify and its merchants
  • develop security controls and protocols
  • perform security audits
  • conduct vulnerability assessments and penetration tests
  • assist in the creation and implementation of security solutions
  • help mitigate compliance and regulatory risks
  • Solve problems quickly and follow (and improve) the team’s playbooks
  • Be meticulous in documentation and context capture (so others can pick up work without losing time)
  • Use data to investigate emerging risks/trends and translate them into repeatable solutions
  • Mentor teammates, raise the bar, and become the “go-to” expert in at least one area of the program (triage domain, vulnerability class, product area, tooling/workflows, etc.)

Requirements

  • Strong written communication skills
  • A track record of fast, high-quality problem solving, with good judgment around impact, severity, and next steps
  • Comfort operating in externally-facing workflows with security researchers, representing Shopify professionally and consistently
  • Operational discipline: you follow playbooks, improve them when they’re wrong or incomplete, and turn “institutional knowledge” into documentation
  • High attention to detail in notes, reproduction steps, evidence, and decision rationale
  • A data-informed mindset: you use metrics to quantify your throughput and quality, track trends, and help improve program health over time
  • A growth-and-multiplication approach: you mentor teammates, raise the bar, and develop deep expertise in at least one domain (vuln class, product area, triage workflow/tooling)
  • A strong sense of accountability: you take responsibility for the quality of your interactions and outcomes, and you’re ambitious about improving the security and experience we deliver
  • Strong working knowledge of web application security fundamentals (authn/authz, session management, injection, IDOR, SSRF, XSS, CSRF, access control, multi-tenant risk, etc.)
  • Demonstrated ability to reproduce vulnerability reports reliably and communicate impact precisely
  • Experience doing vulnerability assessment and/or penetration testing (professionally or in a structured program)
  • Strong judgment on severity/impact assessment and how to ask for additional info when needed
  • Comfortable working in operational queues and juggling multiple in-flight investigations without losing quality
Shopify - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Security Analyst, Bug Bounty

8 matching positions

Application Security Analyst

The Checkmarx Security Research group seeks an experienced, curious, detail-orie...
Location
Location
Portugal , Braga
Salary
Salary:
Not provided
checkmarx.com Logo
Checkmarx
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Passionate about security and keen on growing in the security field
  • 1-2 years of experience as an analyst or researcher
  • 1-2 years of experience in a similar role in the security field
  • Familiar with key AppSec concepts, such as understanding security concepts, vulnerabilities, and secure coding practices
  • Have a deep understanding of the OWASP Top 10
  • Experience with Python scripting/programming
  • Familiarity with both interpreted and compiled languages, and the ability to learn new programming languages and technologies independently
  • Basic experience in conducting security research, bug bounties, and Pentesting
  • Excellent writing and oral presentation skills in English
  • Customer-oriented mindset and driven by innovation
Job Responsibility
Job Responsibility
  • Analyze source code containing various security risks & vulnerabilities written in multiple languages/frameworks
  • Analyze results produced by Checkmark’s AST solutions that can include SAST, DAST, IaC, and other engines
  • Collaborate with other areas in the group, such as SCA and SCS
  • Supervise required technical components and collaborate with the required teams
  • Engage in proactive interactions with Product and R&D teams to align the security aspect of new features and product enhancements
  • Research ways to improve internal processes and promote relevant product features
  • Be at the forefront of the Application Security world: Discover and report Application Security trends. Suggest new ideas and write publications on new vulnerabilities and relevant topics
  • Develop Python scripts and tools for research purposes and automation
  • Leverage the latest technological trends for optimizing processes, including AI
What we offer
What we offer
  • Great work environment
  • professional development
  • challenging careers
  • competitive compensation
  • great work-life balance
  • great benefits and perks throughout the year
  • Fulltime
Read More
Arrow Right

Cyber Security Analyst

We are looking for a Lead Cybersecurity Analyst who can take ownership of the or...
Location
Location
Canada , Montréal
Salary
Salary:
Not provided
Farenexus
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in cloud and application security, with hands-on AWS production environments
  • Strong knowledge of Java (Spring/Spring Boot) and frontend security (Vue.js)
  • Solid understanding of MySQL security and data protection
  • Experience with risk assessment, vulnerability management, and incident response
  • Working knowledge of DPAs, BCP/DR, VAPT, and bug bounty programs
  • Relevant security or cloud certifications such as AWS Security Specialty, CISSP, CISM, or similar
  • Experience with containerized workloads and Kubernetes security
  • Familiarity with modern authentication and authorization approaches such as OAuth2 and OpenID Connect
  • Experience working in agile or Descopes environments
Job Responsibility
Job Responsibility
  • Define and maintain the organization’s security strategy, policies, standards, and architecture principles
  • Act as a security advisor to engineering, product, and leadership teams, ensuring alignment with business and regulatory requirements
  • Design and govern secure AWS architectures, including IAM, networking, and core AWS security services
  • Continuously assess cloud environments and drive remediation of security risks and misconfigurations
  • Lead application security reviews, threat modeling, and risk assessments for Java based backend services and Vue.js frontend applications
  • Embed security into the SDLC through secure coding practices, CI/CD security controls, and vulnerability management
  • Define and enforce data and database security controls, including encryption, access management, and auditing
  • Support compliance, audits, DPAs, BCDR planning, vulnerability assessments, and penetration testing activities
  • Lead incident response processes, security monitoring, and post-incident improvement initiatives
  • Collaborate with engineering and DevOps teams to promote a security-by-design culture and provide practical security guidance
What we offer
What we offer
  • Competitive compensation, benefits, and opportunities for growth
Read More
Arrow Right

Application Security Analyst

The Checkmarx Security Research group seeks an experienced, detail-oriented Appl...
Location
Location
Israel , Ramat Gan
Salary
Salary:
Not provided
checkmarx.com Logo
Checkmarx
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Passionate about security and keen on growing in the security field
  • 1-2 years of experience as an analyst
  • 1-2 years of experience in a similar role in the security field
  • Familiar with key AppSec concepts, such as understanding security concepts, vulnerabilities, and secure coding practices
  • Have a deep understanding of the OWASP Top 10
  • Experience with Python scripting/programming
  • Familiarity with both interpreted and compiled languages, and the ability to learn new programming languages and technologies independently
  • Basic experience in conducting security research, bug bounties, and Pentesting
  • Excellent writing and oral presentation skills in English
  • Ability to handle multiple requests and work in a fast-paced environment
Job Responsibility
Job Responsibility
  • Assist the SCA analysts in conducting vulnerability analysis of known open-source software vulnerabilities to identify affected libraries and other elements, such as the affected vulnerable code
  • Analyze code containing various security risks & vulnerabilities written in multiple languages/frameworks
  • Analyze results produced by Checkmark’s AST solutions that can include SAST, DAST, IaC, and other engines
  • Supervise the technical components and collaborate with the required teams
  • Engage in proactive interactions with Product and R&D teams to align the security aspect of new features and product enhancements
  • Research ways to improve internal processes and promote relevant Product features
  • Be at the forefront of the Application Security world: Discover and report Application Security trends. Suggest new ideas and write publications on new vulnerabilities and relevant topics
  • Develop Python scripts and tools for research purposes and automation
What we offer
What we offer
  • Great work environment
  • professional development
  • challenging careers
  • competitive compensation
  • great work-life balance
  • great benefits and perks throughout the year
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

The Security team at Zip is responsible for protecting the confidentiality and i...
Location
Location
United States , San Francisco
Salary
Salary:
160000.00 - 220000.00 USD / Year
ziphq.com Logo
Zip
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience writing production-quality code for security tooling and services
  • Strong written and verbal communication with internal and external stakeholders
  • A solid understanding of security risks and the ability to balance security with business requirements
  • Experience with web applications, APIs, and cloud environments. At Zip, our stack includes Python, React, GraphQL, Kubernetes, and AWS
Job Responsibility
Job Responsibility
  • Design and implement technical controls to eliminate or mitigate classes of security vulnerabilities
  • Support the development of secure products through design reviews, threat models, static/dynamic scans, and hands-on security assessments
  • Validate, triage, and coordinate security findings from bug bounty and third party pentests
  • Mentor security analysts and security champions on security best practices and techniques
What we offer
What we offer
  • Start-up equity
  • Full health, vision & dental coverage
  • Catered lunches & dinners for SF employees
  • Commuter benefit
  • Team building events & happy hours
  • Flexible PTO
  • Apple equipment plus home office budget
  • 401k plan
  • Fulltime
Read More
Arrow Right

Event Technician, Audio Visual

Our technicians enjoy the opportunities to work with innovative and cutting-edge...
Location
Location
United States , Charleston
Salary
Salary:
15.64 - 20.33 USD / Hour
encoreglobal.com Logo
Encore Global
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • High School Diploma required
  • 1 year of customer service or hospitality experience is preferred
  • 1 year of audio-visual experience or equivalent in an educational environment is preferred
  • A valid driver's license is required for team members that may operate Company vehicles
  • Additional DOT requirements may need to be met if applicable
  • Must be able to lift 50 lbs
  • Internal applicants must meet/complete all training and certification requirements as determined by Encore's Global Learning Training Program in their current position, and for the position they are applying to
  • External applicants must meet/validate and achieve/complete all training and certifications required for this position, within one year
Job Responsibility
Job Responsibility
  • Set up and operation of basic / small-scale audiovisual systems in a hospitality environment
  • Ensure a flawlessly executed event through accurate and timely setup, operation, and breakdown of basic audiovisual equipment
  • Strive to exceed the expectations and needs of internal and external customers
  • Maintain a positive relationship with all clients through effective communication
  • Meet with guests on site to ensure that their needs are met, and the equipment setup is working properly
  • Monitor events and check in on customers throughout the day
  • Understand and foster the hotel/client relationship
  • Understand the technical aspects of the job and demonstrate basic operational ability to troubleshoot and problem solve with equipment and software issues
  • Handle equipment challenges and changes in a timely and professional manner
  • Understand company processes, follow procedures, and complete systems entry and paperwork accurately
What we offer
What we offer
  • Paid Time Off
  • Vacation Days
  • Paid Holidays
  • Floating Holidays
  • Sick/Personal Days
  • Premium Recognition Program (CenterStage)
  • Performance Incentive Plans (GEI Bonus)
  • Employee Referral Program
  • Annual Merit
  • Classroom/On the Job Training
Read More
Arrow Right

Customer Care Senior Analyst

The position requires a positive and customer friendly attitude. The successful ...
Location
Location
India , Bangalore
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Positive and customer friendly attitude
  • Enthusiasm and keen interest to learn and keep up to date with relevant new product releases and developments
  • Ability to use acquired troubleshooting and technical skills in identifying root cause and resolution of issues
  • Provide 2nd level support for Oracle Hospitality applications
  • Focus in providing solutions and troubleshooting product defects
Job Responsibility
Job Responsibility
  • Provide 2nd line support globally for Oracle Hospitality customers and partners
  • Work very closely with other teams (L1, AMS, SE/Dev, CCSM) to deliver quality customer service
  • Keep up to date with new releases and new functionality
  • Identify and report back root cause and resolution of major incidents to avoid recurring issues
  • Adhere to Global L2 Support standards and processes
  • Actively participate in building Oracle Knowledgebase
  • Committed to the delivery of outstanding service to customers
  • Fulltime
Read More
Arrow Right

Mobile Associate - Retail Sales

This role supports retail operations by engaging customers and facilitating thei...
Location
Location
United States , Reynoldsburg
Salary
Salary:
16.50 - 20.00 USD / Hour
https://www.t-mobile.com Logo
T-Mobile
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • High School Diploma/GED (Required)
  • 6 months of customer service and/or sales experience, Retail environment. (Preferred)
  • Change Agility (Required)
  • Communication (Required)
  • Customer Problem Solving (Required)
  • Customer Service (Required)
  • Engaging People (Required)
  • Multitasking (Required)
  • Sales (Required)
  • Teamwork Orientation (Required)
Job Responsibility
Job Responsibility
  • Develop proficiency in customer service and sales to deliver personalized technology and service solutions that meet individual needs
  • Utilize digital tools to demonstrate network coverage, service plans, and product features to enhance customer understanding and engagement
  • Complete required training to build knowledge of retail processes, systems, and wireless technology innovations
  • Collaborate with colleagues across channels to support a seamless customer experience and contribute to team initiatives
  • Also responsible for other duties/projects as assigned by business management as needed
What we offer
What we offer
  • Medical, dental and vision insurance
  • Flexible spending account
  • 401(k)
  • Employee stock grants
  • Employee stock purchase plan
  • Paid time off and up to 12 paid holidays
  • Paid parental and family leave
  • Family building benefits
  • Back-up care
  • Enhanced family support
  • Parttime
Read More
Arrow Right

Regional Sales Manager - East

SP Industries Inc., an ATS company, is searching for a Regional Sales Manager - ...
Location
Location
United States , Philadelphia
Salary
Salary:
120000.00 - 150000.00 USD / Year
atsautomation.com Logo
ATS Automation Tooling Systems Inc.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Business, Life Sciences or a related field
  • or equivalent combination of education and relevant experience
  • 3–7+ years of sales experience in Life Sciences, including pharmaceutical, biotechnology, medical device, diagnostics, or laboratory solutions
  • 2+ years of channel, partner, or indirect sales experience, with demonstrated success managing distributor, reseller, or strategic partner relationships preferred
  • Proficiency with CRM systems (e.g., Salesforce or equivalent), pipeline forecasting, and performance reporting
Job Responsibility
Job Responsibility
  • Lead, coach, and develop a team of 4–6 Territory Account Managers to achieve and exceed revenue, profitability, and strategic growth objectives
  • Establish clear performance expectations, sales goals, and development plans for direct reports
  • Conduct regular field travel with Territory Account Managers to provide coaching, customer engagement support, and commercial execution guidance
  • Foster a culture of accountability, collaboration, and customer-centric selling
  • Utilize CRM and sales analytics tools to monitor performance, manage pipeline health, and identify opportunities for growth
  • Build and maintain relationships with Tier 1 and Tier 2 distribution partners across the region
  • Develop and execute joint business plans with distributors to drive growth, increase market penetration, and expand share of wallet
  • Align distributor sales resources with company growth initiatives, product launches, promotional campaigns, and strategic objectives
  • Ensure effective deployment of distributor sales teams through training, field engagement, and demand generation activities
  • Develop and execute regional sales strategies to achieve annual bookings, margin, and market share objectives
What we offer
What we offer
  • Life, Health, Dental, Vision
  • 401(K) including company match
  • Paid Time Off annually + Paid Holidays
  • Career Advancement Opportunities
  • Tuition Assistance
  • Fulltime
Read More
Arrow Right