Principal Engineer, Application Security
Stitch FixStitch Fix is personal styling for men, women & kids that sends clothing to your door (with free shipping & returns). Get started & find clothes you'll love!
ABOUT STITCH FIX
At Stitch Fix, our goal is to help our customers look great and feel great about themselves by revolutionizing how people shop. In a time-starved world where shopping often feels overwhelming, our business connects customers to clothes they love. Whether it’s helping someone dress for success at a new job or taking the stress out of packing for a family vacation, we fix clients’ closets – and they love us for it!
We’ve built unique, innovative software for merchandising, warehouse and inventory management, remote styling, and logistics. We leverage vast amounts of client data to make decisions throughout the company. All of this results in a simple, powerful offering to our clients and a very successful business. We believe we are only scratching the surface of our opportunity, and we’re looking for incredible people to contribute!
ABOUT THE ROLE
Stitch Fix is looking for a Principal Application Security Engineer to help secure our platforms and lead efforts to engineer, onboard and support Security efforts (Secure Development Lifecycle, Network Security, Cloud Security, etc).
In partnership with architecture and procurement, the role is a leader in the implementation, support and evangelization of advanced security tools focused on protecting and safeguarding the organization's security posture.
The individual in this role will be part of the Security Application Security Engineering Team and work closely with the various Engineering and Platform teams at Stitch Fix in order to develop and improve our security posture. The candidate should have strong experience with Secure Development Lifecycle tools, services, applications, and programs, while working collaboratively in a production cloud environment using modern design paradigms like infrastructure-as-code (IaC).
Our team members partner, collaborate, communicate, share, educate and learn while continuing the pursuit of keeping Stitch Fix secure. A successful candidate will demonstrate strong communication skills (both verbally and documentation). They should be comfortable and feel productive working in a remote setting within a highly distributed organization.
We’re looking specifically for folks who are interested in contributing to the improvements across application security with empathy, collaboration and a partnership driven mindset. We rely on automation where possible, and strive to make our work well understood by the technical organizations we interface with. Stitch Fix is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.
REQUISITE SKILLS AND EXPERIENCE
Skills we are looking for are broad - architecting, engineering, building, deploying, and maintaining a program of applications and services focused on our application security landscape. We are open to SREs, Security Architects and Security Platform engineers, and looking for a drive, passion and focus on delivery and working within a team.
- Excellent verbal and written communication skills. Ability to convey technical concepts to non-technical stakeholders and provide clear guidance on security issues.
- Demonstrated leadership skills, ability to mentor junior team members, and lead security initiatives.
- Written / verbal communication skills - producing technical / architectural documentation and best practice guidance
- Minimum of 4 years of hands-on experience in application security, with a focus on web and mobile applications. Proven experience in performing security assessments, code reviews, and penetration testing.
- Strong experience with various code languages and frameworks
- Familiarity with software development methodologies (Agile, DevOps) and their impact on security practices. Understanding of cloud security concepts is desirable.
- Strong problem-solving and critical-thinking skills. Ability to analyze complex systems and identify security risks effectively.
- Knowledge of ethical hacking and hands-on experience in identifying security vulnerabilities.
- Proven ability to work collaboratively in a fast-paced, cross-functional environment.
ABOUT THE TECHNOLOGY
Engineering Technologies we rely on to pursue solutions to business problems include:
- BOT Protection - Datadome
- SIEM - Datadog
- Ruby on Rails / Golang
- Docker / HashiCorp Terraform
If you have experience with these tools, you'll have the chance to get even better with them. And if you don't already use at least a few of these tools, we will help you learn and become effective with them.
Our anticipated compensation reflects the cost of labor across several US geographic markets, and the range below indicates the low end of the lowest-compensated market to the high end of the highest-compensated market. This position is eligible for new hire and ongoing grants of restricted stock units depending on employee and company performance. In addition, the position is eligible for medical, dental, vision, and other benefits. Applicants should apply via our internal or external careers site.
This link leads to the machine readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.
Recruiting Fraud Alert:
To all candidates: your personal information and online safety are top of mind for us. At Stitch Fix, recruiters only direct candidates to apply through our official career pages at https://www.stitchfix.com/careers/jobs or https://web.fountain.com/c/stitch-fix.
Recruiters will never request payments, ask for financial account information or sensitive information like social security numbers. If you are unsure if a message is from Stitch Fix, please email RecruitingOperations@stitchfix.com.
You can read more about Recruiting Scam Awareness on our FAQ page here: https://support.stitchfix.com/hc/en-us/articles/1500007169402-Recruiting-Scam-Awareness
More jobs like this
Remote Remote Full TimeSenior Senior-levelUSD 120K - 200K * USD 120K+ *
GuidePoint Security LLC
Career development Conferences Flex hours Flex vacation Health care
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Ingénieur DevSecops H/F jobs
- Open Chief Information Security Officer jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Staff Security Engineer jobs
- Open Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Security Operations Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Security Architect jobs
- Open o365 Security Architect jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Senior SOC Analyst jobs
- Open Cyber Security Architect jobs
- Open GCP-related jobs
- Open SOC-related jobs
- Open Risk assessment-related jobs
- Open Governance-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open CISA-related jobs
- Open Security Clearance-related jobs
- Open Vulnerability management-related jobs
- Open Kubernetes-related jobs
- Open DevOps-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Forensics-related jobs
- Open SQL-related jobs
- Open CI/CD-related jobs
- Open DoD-related jobs