Principal Engineer, Application Security

Remote, USA

Applications have closed

Stitch Fix

Stitch Fix is personal styling for men, women & kids that sends clothing to your door (with free shipping & returns). Get started & find clothes you'll love!

MultiThreaded Engineering, UX and Design at Stitch Fix

At Stitch Fix, our goal is to help our customers look great and feel great about themselves by revolutionizing how people shop. In a time-starved world where shopping often feels overwhelming, our business connects customers to clothes they love. Whether it’s helping someone dress for success at a new job or taking the stress out of packing for a family vacation, we fix clients’ closets – and they love us for it!

We’ve built unique, innovative software for merchandising, warehouse and inventory management, remote styling, and logistics. We leverage vast amounts of client data to make decisions throughout the company. All of this results in a simple, powerful offering to our clients and a very successful business. We believe we are only scratching the surface of our opportunity, and we’re looking for incredible people to contribute!


Stitch Fix is looking for a Principal Application Security Engineer to help secure our platforms and to lead efforts to engineer, onboard and support security programs (Secure Development Lifecycle, network security, cloud security, etc.).
In partnership with architecture and procurement, the role leads the implementation, support and evangelization of advanced security tools that protect and safeguard the organization's security posture.

The individual in this role will be part of the Application Security Engineering team within Security and will work closely with the various Engineering and Platform teams at Stitch Fix to develop and improve our security posture. The candidate should have strong experience with Secure Development Lifecycle tools, services, applications, and programs, and with working collaboratively in a production cloud environment using modern design paradigms such as infrastructure-as-code (IaC).

Our team members partner, collaborate, communicate, share, educate and learn while continuing the pursuit of keeping Stitch Fix secure. A successful candidate will demonstrate strong communication skills (both verbal and written). They should be comfortable and feel productive working in a remote setting within a highly distributed organization.

We’re looking specifically for folks who are interested in contributing to the improvements across application security with empathy, collaboration and a partnership driven mindset. We rely on automation where possible, and strive to make our work well understood by the technical organizations we interface with. Stitch Fix is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.


The skills we are looking for are broad: architecting, engineering, building, deploying, and maintaining a program of applications and services focused on our application security landscape. We are open to SREs, Security Architects and Security Platform Engineers, and are looking for drive, passion and a focus on delivery and on working within a team.


  • Excellent verbal and written communication skills: conveying technical concepts to non-technical stakeholders, producing technical and architectural documentation and best-practice guidance, and providing clear guidance on security issues.
  • Demonstrated leadership skills, ability to mentor junior team members, and ability to lead security initiatives.
  • Minimum of 4 years of hands-on experience in application security, with a focus on web and mobile applications. Proven experience in performing security assessments, code reviews, and penetration testing.
  • Proficiency in several programming languages and frameworks (e.g., Java, C++, Python, JavaScript). Knowledge of security frameworks, secure coding practices, and security testing tools.
  • Familiarity with software development methodologies (Agile, DevOps) and their impact on security practices. Understanding of cloud security concepts is desirable.
  • Strong problem-solving and critical-thinking skills. Ability to analyze complex systems and identify security risks effectively.
  • Knowledge of ethical hacking and hands-on experience in identifying security vulnerabilities.
  • Proven ability to work collaboratively in a fast-paced, cross-functional environment.


Engineering Technologies we rely on to pursue solutions to business problems include:

  • AWS
  • Bot protection - DataDome
  • SIEM - Datadog
  • CircleCI
  • Ruby on Rails / Golang
  • Docker / HashiCorp Terraform

If you have experience with these tools, you'll have the chance to get even better with them. And if you don't already use at least a few of these tools, we will help you learn and become effective with them. 


Compensation and Benefits

Our anticipated compensation reflects the cost of labor across several US geographic markets, and the range below indicates the low end of the lowest-compensated market to the high end of the highest-compensated market. This position is eligible for new hire and ongoing grants of restricted stock units depending on employee and company performance. In addition, the position is eligible for medical, dental, vision, and other benefits. Applicants should apply via our internal or external careers site.
Salary Range
$234,000 - $250,000 USD

This link leads to the machine readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.

Please review Stitch Fix's US Applicant Privacy Policy and Notice at Collection here:

Recruiting Fraud Alert: 

To all candidates: your personal information and online safety are top of mind for us. At Stitch Fix, recruiters only direct candidates to apply through our official career pages at or

Recruiters will never request payments, ask for financial account information or sensitive information like social security numbers. If you are unsure if a message is from Stitch Fix, please email

You can read more about Recruiting Scam Awareness on our FAQ page here: 


Tags: Agile Application security Automation AWS C CircleCI Cloud DevOps Docker Ethical hacking Golang Java JavaScript Network security Pentesting Privacy Python Ruby Security assessment SIEM Terraform Vulnerabilities

Perks/benefits: Career development Flex vacation Health care Startup environment Transparency

Regions: Remote/Anywhere North America
Country: United States