About The Role
We’re seeking an experienced Security Analyst to join Shopify’s security organization, focused on our Bug Bounty program operations.
Shopify powers millions of merchants worldwide—which means a large and dynamic attack surface. You’ll work at the intersection of external researchers, internal engineering, and App Sec, turning vulnerability reports into clear, actionable findings that protect Shopify and its merchants. This role is equal parts security analysis, operational excellence, and high‑quality communication.
Key Areas of Ownership
- Bug bounty report triage quality and timeliness (meet SLOs, keep queues healthy, reduce rework).
- Reproducing and validating reported security issues (prove exploitability, confirm impact, confirm affected assets, confirm fixes via retest/validation).
- Writing clear, friendly, high‑signal communication to external researchers while representing Shopify well.
- Maintaining meticulous internal documentation and context so issues can be routed and resolved efficiently.
- Using data to quantify performance and program health (queue state, SLOs, throughput, trend reporting).
- Partnering with App Sec engineering when a report requires deeper engineering expertise.
- Detect, evaluate, and help address security threats to Shopify and its merchants; develop security controls and protocols; perform security audits; conduct vulnerability assessments and penetration tests; assist in creation and implementation of security solutions; help mitigate compliance and regulatory risks.
- Solve problems quickly and follow (and improve) the team’s playbooks.
- Be meticulous in documentation and context capture (so others can pick up work without losing time).
- Use data to investigate emerging risks/trends and translate them into repeatable solutions.
- Mentor teammates, raise the bar, and become the “go‑to” expert in at least one area of the program (triage domain, vulnerability class, product area, tooling/workflows, etc.).
- Strong written communication skills.
- A track record of fast, high‑quality problem solving, with good judgment around impact, severity, and next steps.
- Comfort operating in externally‑facing workflows with security researchers, representing Shopify professionally and consistently.
- Operational discipline: follow playbooks, improve them when they’re wrong or incomplete, and document institutional knowledge.
- High attention to detail in notes, reproduction steps, evidence, and decision rationale.
- A data‑informed mindset: use metrics to quantify throughput and quality, track trends, and improve program health over time.
- A growth‑and‑multiplication approach: mentor teammates, raise the bar, and develop deep expertise in at least one domain (vuln class, product area, triage workflow/tooling).
- A strong sense of accountability: take responsibility for quality of interactions and outcomes, and be ambitious about improving the security and experience delivered.
- Strong working knowledge of web application security fundamentals (authn/authz, session management, injection, IDOR, SSRF, XSS, CSRF, access control, multi‑tenant risk, etc.).
- Demonstrated ability to reproduce vulnerability reports reliably and communicate impact precisely.
- Experience doing vulnerability assessment and/or penetration testing (professionally or in a structured program).
- Strong judgment on severity/impact assessment and how to ask for additional info when needed.
- Comfortable working in operational queues and juggling multiple in‑flight investigations without losing quality.
Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. We propel entrepreneurs and enterprises to scale the heights of their potential. Since 2006, we’ve grown to over 8,300 employees and generated over $1 trillion in sales for millions of merchants in 175 countries.
This is life‑defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices…