Shopify

About the role

We’re looking for curious and detail-oriented Incident Response, Senior Analyst where you will leverage your expertise in data analytics, infrastructure, application security, and identity management to analyze security alerts and respond to a wide range of incidents, including those related to workforce security, that could ultimately lower the trust that our merchants place in Shopify.

You will own an issue from start to finish as the incident commander, bringing all the pieces together through your persistence to leave no stone unturned. There is a huge investigative component to this role, where you will have daily opportunities to apply your skills and experience as an analyst to navigate vast amounts of data and to find that needle in the haystack that will be the key to resolving the security issue, working in close partnership with our Legal team.

Responsibilities

• Alert triage; analyze and respond to security alerts, including those indicative of workforce security, with the goal of risk reduction.
• Serve as an Incident Commander by leading the response efforts to security incidents, including complex workforce security cases, as part of an on-call schedule, collaborating with colleagues all across Shopify.
• Engage in daily partnership with our Legal team on sensitive incident investigations, evidence gathering, and mitigation strategies
• Implement new alerts using the tooling we have in place, with a focus on enhancing detection capabilities for workforce security.
• Collaborate with other security, engineering, and relevant internal teams (e.g., HR, Legal) to remediate security findings and address underlying risks.
• Lead root cause analysis (RCA) sessions to identify systemic weaknesses and prevent recurrence of both external and internal incidents.
• Participate in and help define security table-top exercises, including scenarios focused on workforce security.
• Continuously refine the knowledge base through documentation and build new documents in a way that scales with the team’s growth, ensuring clarity for both technical and legal stakeholders.
• Work with your lead in identifying trends and patterns in our security landscape, including sophisticated corporate security activities, and recommending improvements to help reduce security risks across our platform.

It would be great if you had experience in more of the following:

(Don’t stress, we are not expecting experience in all of the following!)

• Experience in digital forensics or investigations related to workforce security would be a strong asset.
• Understanding of information security fundamentals, including insider threat models and detection techniques.
• Knowledge of security issues affecting web applications, infrastructure, and internal systems.
• Comfortable running and debugging scripts to automate manual work and reduce toil (e.g. Python, Ruby, bash).
• Experience working with logging and data analysis tools (e.g. SIEM, SOAR; SIGMA, Yara; SQL, Splunk, KQL)
• Experience with User and Entity Behavior Analytics (UEBA) tools or methodologies.
• Familiarity with IAM systems and their audit logs (e.g. Okta, PingOne, Microsoft Entra)
• Familiarity with cloud environments and their security logs (e.g. GCP, AWS, Azure).
• Excellent written and verbal communication skills, with experience in distilling technical data into actionable intelligence for both technical and non-technical audiences, including Legal teams.
• Experience troubleshooting problems with little up front information (finding the needle in the haystack), especially in complex internal investigations.
• Researching and using data analysis to identify security threats, both external and internal.
• Awareness of GitHub and continuous integration practices.
• Comfortable using AI/LLM tools to get the job done quickly and efficiently.

About Shopify

Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. We propel entrepreneurs and enterprises to scale the heights of their potential. Since 2006, we’ve grown to over 8,300 employees and generated over $1 trillion in sales for millions of merchants in 175 countries.

This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.

About you

Moving at our pace brings a lot of change, complexity, and ambiguity—and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone.

Before you apply, consider if you can:

• Care deeply about what you do and about making commerce better for everyone
• Excel by seeking professional and personal hypergrowth
• Keep up with an unrelenting pace (the week, not the quarter)
• Be resilient and resourceful in face of ambiguity and thrive on (rather than endure) change
• Bring critical thought and opinion
• Use AI tools reflexively as part of your fundamental workflow
• Embrace differences and disagreement to get shit done and move forward
• Work digital-first for your daily work