Senior Security Engineer, Shopify

  • Posted Today
  • Remote
  • Full Time

Job Description

About Shopify
Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. We propel entrepreneurs and enterprises to scale the heights of their potential. Since 2006, we’ve grown to over 8,300 employees and generated over $1 trillion in sales for millions of merchants in 175 countries.

This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.

About you
Moving at our pace brings a lot of change, complexity, and ambiguity—and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone.

Before you apply, consider if you can:

  • Care deeply about what you do and about making commerce better for everyone
  • Excel by seeking professional and personal hypergrowth
  • Keep up with an unrelenting pace (the week, not the quarter)
  • Be resilient and resourceful in the face of ambiguity and thrive on (rather than endure) change
  • Bring critical thought and opinion
  • Embrace differences and disagreement to get shit done and move forward
  • Work digital-first for your daily work


About the role
As a Security Incident Response Engineer, you’ll be leveraging your expertise in Shopify’s products, applications and infrastructure, along with your knowledge of our internal device security and identity management to investigate security alerts, build reports to assess impact, and respond to incidents that could ultimately lower the trust merchants place in Shopify.

Responsibilities

  • Excel in Detection Engineering: Utilize the full power of our SIEM and SOAR platforms to maintain an asymmetric technological edge over threat actors and to maximize our security impact. Build and refine parsers, detection rules, and playbooks to boost efficiency and effectiveness while minimizing repetitive tasks. Integrate new data sources to extend our detection coverage. Contribute to monitoring system health.
  • Be Impactful in Incident Response Operations: Serve as an Incident Commander, guiding security incident response with expertise and decisiveness. Leverage a comprehensive array of tools and datasets, working in tandem with the Product and Legal teams to rapidly assess, mitigate, and contain threats.
  • Lead Security Automation Projects: Build robust, automated workflows that minimize manual work, enabling the team to work fast and effectively during alert triage and incident handling. Initiate new projects, ship weekly, iterate and fast-fail as needed, and Get Shit Done.
  • Exemplify Constant Learning: Be obsessed with honing your craft as a security engineer by researching new technologies, performing threat hunts, and presenting your ideas with team members. Share learnings with team members through pair sessions and code reviews. Provide timely and actionable summaries for your manager and senior leadership.


You might be great in this role if you have:

  • Experience writing efficient detections and automations across a product-focused technical company such as Shopify, including corporate environments, core infrastructure, product code, and more.
  • Experience being the lead technical responder or participating in large-scale and complex incident response in a cloud-based or zero trust environment, leveraging strong analytical and data literacy skills to find the needle in the haystack.
  • A love of getting into the minds of bad actors, seeing our attack surface as they do, in order to build proactive detections and close gaps before they can exploit them.
  • Enthusiasm for scalable, reproducible security management.
  • Self-motivated and creative problem-solver able to work independently with minimal guidance.
  • Strong ability to work collaboratively across teams during high-stress situations.
  • Ability to manage multiple competing priorities and use good judgment to establish order of priorities on the fly.
  • Deep knowledge of SIEM and SOAR solutions.
  • Deep knowledge of threat hunting, incident response, and incident management.
  • Deep knowledge of enterprise security controls in both cloud and on-premise environments, including: IAM, RBAC, EDR
  • Familiarity with application security and other security threats related to e-commerce
  • Familiarity with standards such as ISO 27001/27002 or the NIST Cybersecurity Framework is desirable.

Hard Skills Required

  • SIEM
  • SOAR
  • Threat Hunting
  • Incident Response
  • Automation

Soft Skills Required

  • Problem-Solving
  • Collaboration
  • Resilience
  • Critical Thinking
  • Adaptability

Job Schedule

  • Shift Work
