Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. We propel entrepreneurs and enterprises to scale the heights of their potential. Since 2006, we’ve grown to over 8,300 employees and generated over $1 trillion in sales for millions of merchants in 175 countries.
This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.
About you
Moving at our pace brings a lot of change, complexity, and ambiguity—and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone.
Before you apply, consider if you can:
- Care deeply about what you do and about making commerce better for everyone
- Excel by seeking professional and personal hypergrowth
- Keep up with an unrelenting pace (the week, not the quarter)
- Be resilient and resourceful in the face of ambiguity and thrive on (rather than endure) change
- Bring critical thought and opinion
- Embrace differences and disagreement to get shit done and move forward
- Work digital-first for your daily work
About the role
At Shopify, we’re driven to make commerce better for everyone, and part of that mission is ensuring the safety and security of our platform. We’re seeking a dynamic Bug Bounty Manager to helm our Bug Bounty Application Security team. This is not a software engineering role.
You’ll be the architect of the program’s structure, enhancing researcher engagement, fostering educational opportunities, and steering pivotal security enhancements. You’ll step into a leadership role designed for impact—coaching, nurturing, and empowering your team to propel the success of the Bug Bounty program.
Key Areas of Ownership for Your Team:
- Propel the Shopify Bug Bounty Program to new heights, ensuring it operates smoothly with vibrant researcher participation and fitting rewards.
- Uphold top-notch standards in all aspects of bug bounty operations, ensuring quality and adherence to timelines.
- Analyze patterns in bug reports, taking insights to relevant teams to mitigate risks and beef up security measures.
- Harness the power of software automation, AI, and innovative tech to cut down on manual efforts.
- Build and nurture a dynamic, motivated community of security researchers that align with our values of collaboration and excellence.
You will:
- Ensure operational excellence across all workstreams by monitoring key metrics, addressing blockers, and continuously improving processes.
- Mentor and inspire team members to stretch their limits and broaden their horizons within a culture that thrives on feedback and continuous learning.
- Serve as an escalation point and subject matter expert in incident response, engineering operations, and team triage activities as part of day-to-day operations.
To be successful in this role you will need:
- A background in application security.
- Experience leveraging platforms like HackerOne, Bugcrowd, or similar for running bug bounty initiatives.
- Experience leading and advancing a diverse and remote analyst team and developing talent.
- Excellent communication and interpersonal skills, capable of building rapport across varied teams and with external partners.
- Data-driven approach to decision-making, with a focus on optimizing processes based on key performance metrics.
It would be great if you had:
- Experience managing multi-tenant web applications and addressing the unique security challenges they present.
- Familiarity with cloud infrastructure security across AWS, GCP, or Azure.
- Familiarity with secure development practices and frameworks, especially in Ruby, JavaScript, Go, Rails, React.
- Proven ability to organize and lead community-focused events, such as workshops or conferences, related to bug bounty activities to further engage and expand our security community.