Security Engineering Manager - Mobile Security

Shopify, Montreal, Canada

Commerce platform for small and medium-sized businesses

Shopify employees make commerce better for our 800,000+ merchants every day. This includes securing every aspect of Shopify, from storefront to the Admin panel to our mobile applications. Business happens wherever our merchants happen to be - folks no longer find themselves tethered to any particular device and all our applications require the same level of care.

If you're an application security engineer who dives deep on mobile-specific security OR a mobile developer who is constantly seeking ways to make your code more secure, we'd love to hear from you! There's a huge diversity of work to be done on the team, from helping identify and respond to application vulnerabilities to developing tools to integrate security into our mobile development process.

Requirements for the role:

  • Mobile development experience. You’ve built native mobile applications for either iOS or Android (or both!), in Objective C, Swift, Java, or Kotlin
  • A collaborative approach to security. You understand that developers are building great products and want to help make those products be even better
  • An eye for edge cases. You see potential vulnerabilities when reviewing mobile application architecture and design roadmaps and offer detailed suggestions to secure them
  • Thorough knowledge of mobile security issues. You’ve built a library in your mind of common issues, and continually learn more about new applications and issues
  • Inherent creativity and curiosity. You don’t believe in forcing a new problem into an old solution, and want to find creative ways to include security in the software development process


  • Experience leading a team
  • Back-end web application development, especially with Ruby on Rails
  • Work with bug bounty programs (like our program, for instance: https://hackerone.com/shopify)
  • Experience with IDEs Xcode and Android Studio
  • Experience with C++, React, Javascript and TypeScript, GraphQL


  • Establish and drive the mobile security roadmap for Shopify
  • Lead and mentor a small team of mobile security engineers
  • Work on projects to improve account security and abuse detection on the Shopify platform
  • Act as a trusted security advisor to the mobile development teams at Shopify
  • Perform security reviews, including code reviews, and guide developers on how to ship features securely
  • Develop tools to help scale the mobile security assessment process
  • Respond to vulnerabilities disclosed through our bug bounty program
  • Provide security advice to our Retail product teams
We know that applying to a new role takes a lot of work and we truly value your time. Ash is looking forward to reading your application and hearing why you feel this role is right for you!

This posting will close on Tuesday 18 June at 5pm EDT.

At Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities.

About Shopify

Shopify is a leading cloud-based, multichannel commerce platform designed for small and medium-sized businesses. Merchants can use the software to design, set up and manage their stores across multiple sales channels, including web, mobile, social media such as Pinterest and Facebook, brick-and-mortar locations, and pop-up shops. The platform also provides a merchant with a powerful back-office and a single view of their business. 

Want to learn more about Shopify? Visit Shopify's website.