Security Analyst (Bug Bounty Analyst) (Canada )

About The Role

We’re seeking an experienced Security Analyst to join Shopify’s security organization, focused on our Bug Bounty program operations.

Shopify powers millions of merchants worldwide—which means a large and dynamic attack surface. You’ll work at the intersection of external researchers, internal engineering, and AppSec, turning vulnerability reports into clear, actionable findings that protect Shopify and its merchants. This role is equal parts security analysis, operational excellence, and high‑quality communication.

Key Areas of Ownership

• Bug bounty report triage quality and timeliness (meet SLOs, keep queues healthy, reduce rework).
• Reproducing and validating reported security issues (prove exploitability, confirm impact, confirm affected assets, confirm fixes via retest/validation).
• Writing clear, friendly, high‑signal communication to external researchers while representing Shopify well.
• Main...