Director Of Security Engineering & Architecture

At Stitch Fix, our goal is to help our customers look great and feel great about themselves by revolutionizing how people shop. In a time-starved world where shopping often feels overwhelming, our business connects customers to clothes they love. Whether it’s helping someone dress for success at a new job or taking the stress out of packing for a family vacation, we fix clients’ closets – and they love us for it!

We’ve built unique, innovative software for merchandising, warehouse and inventory management, remote styling, and logistics. We leverage vast amounts of client data to make decisions throughout the company. All of this results in a simple, powerful offering to our clients and a very successful business. We believe we are only scratching the surface of our opportunity, and we’re looking for incredible people to contribute!

San Francisco, CA / Remote, USA

ABOUT SECURITY

Our team is made up of people from varied backgrounds, including security practitioners who built secure systems and processes at startups, Silicon Valley Tech companies, Fortune 500 companies, and for the Federal government. We secure Stitch Fix’s technology stack which includes modern software with modern techniques like TDD, continuous delivery, DevOps, and service-oriented architecture. Cross-functional partnerships are deeply meaningful to us and are how we’ve built up immense trust with the people running the business.  We focus on high-value, human-centric security solutions and initiatives that solve clearly identified problems but are designed in a scalable way so that our defenses continue to enhance client trust long-term as we continue to innovate as a company. In fact, some of our proudest moments come from solving security problems without writing a line of code.

ABOUT THE ROLE

We are looking for a Director of Security Engineering, for our Information Security organization. Our team members and leaders are given a great deal of autonomy in the pursuit of keeping Stitch Fix secure.  You will be primarily responsible for the continued evolution of our Application Security, DevSecOps and Cloud Security capabilities. As a Director, strong thought leadership, partnership, strategy-setting, and communication skills are a must. 

You will lead the Application Security and DevSecOps functions focused on delivering secure code and deployment capabilities through an understanding of how Stitch Fix works. You will also be leading our Cloud Security function, focused on building controls and defenses to better secure our cloud infrastructure. We trust you to focus your time and efforts where they are needed most and to rely on the strong engineers on your teams. Your commitment to applying security to business and technology challenges in clean & innovative ways will make you a trusted advisor to your partners and their teams. You will own projects and influence our direction.

You won’t do this alone. Your teams will collaborate with business partners to define product requirements, plans, and deliverables. You will work with team members to take advantage of learning and growth opportunities in tech and product through real day-to-day work. You will impact the business in tangible, visible ways and will always have a seat at the table.

We’re looking specifically for leaders who place an emphasis on usable security. Stitch Fix is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation. You will help us improve our defenses when it comes to Cloud and Infrastructure Security and respond effectively in leading the Incident Response function. You will lead teams to prototype, implement, test, deploy and maintain secure solutions and processes. You will present possible technical and business process solutions to various stakeholders, clearly explaining your decisions and how they address real user needs, incorporating feedback in subsequent iterations.

We cannot succeed without strong partnership across the company and in many different forms. Your cross-functional team will propose and build solutions for everything from warehouse process improvements to internal accounting systems. 

REQUISITE SKILLS AND EXPERIENCE

• At least 12+ years in Information Security or related disciplines (IT, Software Engineering, etc)
• At least 10+ years delivering holistic Security Architecture solutions across Cloud Service and Infrastructure (Network, Compute and Internet)
• 7+ years working in a CI/CD paradigm bringing observability, ML and AI to augment the build and commit process, all the while reducing toil and increasing agility
• Have had 10+ years working in an agile framework dev model
• Prior Management and Architecture experience in AWS / GCP / Azure Service ecosystems.
• Develop requirements for the design of systems, components, platforms, sustainability, supportability and patterns to be developed across the technical org.
• Well-versed on the development, use and consumption of service maps, dependency maps, network and API flows, threat models and other documentation that contribute to converting complex needs of business capabilities, product, and strategy into a set of highly leverageable and transformative technical systems, patterns, and strategies.
• Work with the product and program management team to communicate the extent of current technical capabilities and the impact and boundaries they present to feature development.  
• Understand and align on future technical needs and help inform sequencing of product features and technical investments to maximize efficiency and leverage.
• Work with engineering and algorithms teams to facilitate continuous capability development and improvement across technical teams.
• Present, explain, and evangelize the value and vision of architectural direction and investments to a wide audience.
• Demonstrated capability to manage multiple work streams and drive deadlines
• Leading collaborations with key partners across strategy, product, program management, engineering, and algorithms teams to drive end-to-end architecture and its implementation.
• Strong partnership and soft skills to influence outside of the Security organization to drive business-impacting change
• Someone willing to continue to learn as both Director and Architect and grow as the Security industry continues to shift and threats change
• Champion a culture of technical innovation within the organization.

YOU’RE EXCITED ABOUT THIS OPPORTUNITY BECAUSE...

• We work collaboratively as both a centralized and distributed team —we are a combined team of both remote and HQ-based professionals. We use a variety of technologies extensively to collaborate with each other.
• You will have the opportunity to drive secure code solutions in a cloud-native environment
• We view Security as an enabling part of the business which requires a purposeful strategy through an overarching vision of how security can support the organization’s goals.
• You are a Problem Solver. Ultimately, anyone can say “no” to something —but just saying “no” isn’t solving a problem. Figuring out a compromise, like preserving or even improving an experience while still ensuring an organization’s security, is a hard problem — the type of problem which should be the most intellectually fulfilling.
  
  

We use these tools and techniques to help us get the job done and we’re excited to share our expertise with new members of the team. You will have the opportunity to help us continue to adopt effective practices and technologies and explore their full potential.

WE ARE EXCITED ABOUT YOU BECAUSE...

• YOU ARE ENTHUSIASTIC ABOUT SECURITY. You will collaborate to build interesting security solutions using the appropriate tools and contribute to design and architecture across multiple systems. You want to build on your experience and help us to adopt new technologies. You'll learn from us, and we'll learn from you. You care deeply about the fighting to secure our clients and our employees from threats. 
• YOU HAVE A PARTNERSHIP MINDSET. Our team works together with multiple stakeholders to deliver projects that use secure technologies and processes to solve real business problems. Your team members and business partners will seek out your opinion on the focus and outcome you’re looking to achieve. You aren’t afraid to dig deep and ask the tough questions of our customers, company, and executive team.
• YOU ARE INTERESTED IN DEVELOPING THE EMPLOYEES ON YOUR TEAM. You should believe in what you’re doing and inspire others around you to be their best selves and achieve their goals. 
• YOU HAVE DEEP RESPECT FOR YOUR CRAFT. We are dedicated to building security sustainably, not chasing the latest fad but understanding the best solution for the problem. You're always looking for more and better ways to bake security into everyday processes, and enthusiastic about sharing them with your team.
• YOU ARE RESPECTFUL, EMPATHETIC, AND HUMBLE. We want you to take your work seriously and be open to personal and professional growth. Successful security professionals show everyone respect and consideration.

YOU'LL LOVE WORKING AT STITCH FIX BECAUSE WE...

• Are a successful, vibrant, fast-growing company
• Are a technologically and data-driven business.
• Are at the forefront of tech and fashion, redefining shopping for the next generation.
• Are passionate about our clients and live/breathe the client experience.
• Get to be creative every day.
• Have a smart, experienced, and diverse leadership team that wants to do it right & is open to new ideas.
• Believe in autonomy & taking initiative.
• Have sunny offices in downtown San Francisco, CA, Austin, TX and Pittsburgh, PA, or your home :)
• Offer transparent, equitable, and competitive compensation based on your level to help eliminate bias in salaries, as well as equity and comprehensive health benefits.
• Are serious about our commitment to life-work balance, and have generous parental leave policies.

ABOUT STITCH FIX

At Stitch Fix, we’re about personal styling for everybody and we believe in both a service and a workplace where you can be your best, most authentic self. We’re the first fashion retailer to combine technology and data science with the human instinct of a Stylist to deliver a deeply personalized shopping experience. This novel juxtaposition attracts a highly diverse group of talented people who are both thinkers and doers. All of this results in a simple, powerful offering to our customers and a successful, growing business serving millions of men, women, and kids. We believe we are only scratching the surface on our opportunity, and we’re looking for incredible people like you to help us carry on that trend.

Please review Stitch Fix's Recruiting Privacy Policy here:
https://www.stitchfix.com/privacy/usrecruitingprivacy

This link leads to the machine readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.