Infrastructure Security Engineering Manager

We’re looking for an experienced security leader to join Shopify’s Trust team and take a part in leading our Infrastructure Security team.

Shopify is constantly evolving, and the Trust team has built a safe environment for employees to do their best work without risking our merchants' trust. The Infrastructure Security team builds and manages security tooling to support our varied infrastructure, champions supply chain security, and help guide our engineers to build secure services.

As one of the leads of the Infrastructure Security team, you will be responsible for managing a portion of our engineering team, and supporting a wide range of engineering and security projects.

This is a trailblazing team! You will have the creative freedom to make a real difference and the chance to work with the best talent. Sounds like the place for you? Read on, and we'd love to hear from you!

Responsibilities

• Proactively lead and influence security across the organization, identify and address the most significant security risks and drive strategic decisions that yield high-leverage security outcomes.
• Apply first principles thinking to dissect complex security challenges, fostering innovative solutions and avoiding conventional or outdated approaches.
• Lead engineering teams tackling varied problems, from developing extensions to our infrastructure layers and building internal tools, to threat hunting and network policies.
• Ruthlessly prioritize work, focusing solely on mission-critical objectives to maintain a high pace and ensure team alignment.
• Eliminate distractions, barriers to productivity, and operational toil, ensuring the team's focus on high-leverage security work.
• Use data to define and develop metrics to understand and improve our security posture and make important, well-informed decisions together, understanding every detail.
• Foster a high-trust environment through direct communication, clearly stated expectations, and consistent feedback.
• Champion the security engineering craft, along with leaders from other Shopify teams.
• Dive into the technical details of problems to understand them deeply and guide your team in the right direction.
• Lead by example in acknowledging team missteps, transforming them into actionable insights that drive continuous improvement and strengthen future initiatives.

You might be great in this role if you have:

• Proven capability to thrive in a fast-paced, complex, and ambiguous environment, demonstrating resilience and resourcefulness in the face of rapid change and challenges
• Demonstrated experience in strategically building, optimizing, and maintaining high-performing engineering teams.
• Proven leadership in managing and developing security engineering teams that build, operate, and validate infrastructure security controls related to networking, runtime environments, authentication/authorization, and service identity.
• Familiarity with working with senior stakeholders across the organization, both technical and non-technical, to develop roadmaps, integrate with larger company initiatives, and deliver business and security value.
• Demonstrated ability to actively leverage and apply your strong technical and engineering strengths to directly contribute to problem-solving, unblock the team, and lead by technical example when critical situations demand it.
• Strong engineering and security background with a robust security mindset and the ability to write production-ready code.
• Knowledge of and/or experience with: Google Cloud, Kubernetes, Semgrep, Ruby/Rails, Rust, Go, Python, offensive security, threat hunting, PKI, Terraform.
• Experience participating in or leading on-call rotations.