Principal Engineer, Application Security

MultiThreaded Engineering, UX and Design at Stitch Fix

ABOUT STITCH FIX

At Stitch Fix, our goal is to help our customers look great and feel great about themselves by revolutionizing how people shop. In a time-starved world where shopping often feels overwhelming, our business connects customers to clothes they love. Whether it’s helping someone dress for success at a new job or taking the stress out of packing for a family vacation, we fix clients’ closets – and they love us for it!

We’ve built unique, innovative software for merchandising, warehouse and inventory management, remote styling, and logistics. We leverage vast amounts of client data to make decisions throughout the company. All of this results in a simple, powerful offering to our clients and a very successful business. We believe we are only scratching the surface of our opportunity, and we’re looking for incredible people to contribute!

ABOUT THE ROLE 

Stitch Fix is looking for a Principal Application Security Engineer to help secure our platforms and lead efforts to engineer, onboard and support Security efforts (Secure Development Lifecycle, Network Security, Cloud Security, etc).
In partnership with architecture and procurement, the role is a leader in the implementation,  support and evangelization of advanced security tools focused on protecting and safeguarding the organization's security posture.

The individual in this role will be part of the Security Application Security Engineering Team and work closely with the various Engineering and Platform teams at Stitch Fix in order to develop and improve our security posture. The candidate should have strong experience with Secure Development Lifecycle tools, services, applications, and programs, while working collaboratively in a production cloud environment using modern design paradigms like infrastructure-as-code (IaC). 

Our team members partner, collaborate, communicate, share, educate and learn while continuing the pursuit of keeping Stitch Fix secure. A successful candidate will demonstrate strong communication skills (both verbally and documentation). They should be comfortable and feel productive working in a remote setting within a highly distributed organization.

We’re looking specifically for folks who are interested in contributing to the improvements across application security with empathy, collaboration and a partnership driven mindset. We rely on automation where possible, and strive to make our work well understood by the technical organizations we interface with. Stitch Fix is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.

REQUISITE SKILLS AND EXPERIENCE

Skills we are looking for are broad - architecting, engineering, building, deploying, and maintaining a program of applications and services focused on our application security landscape. We are open to SREs, Security Architects and Security Platform engineers, and looking for a drive, passion and focus on delivery and working within a team. 

REQUIREMENTS

• Excellent verbal and written communication skills. Ability to convey technical concepts to non-technical stakeholders and provide clear guidance on security issues.
• Demonstrated leadership skills, ability to mentor junior team members, and lead security initiatives.
• Written / verbal communication skills - producing technical / architectural documentation and best practice guidance
• Minimum of 4 years of hands-on experience in application security, with a focus on web and mobile applications. Proven experience in performing security assessments, code reviews, and penetration testing.
• Strong experience with various code languages and frameworks
• Proficiency in various programming languages (e.g., Java, C++, Python, JavaScript). Knowledge of security frameworks, secure coding practices, and security testing tools.
• Familiarity with software development methodologies (Agile, DevOps) and their impact on security practices. Understanding of cloud security concepts is desirable.
• Strong problem-solving and critical-thinking skills. Ability to analyze complex systems and identify security risks effectively.
• Knowledge of ethical hacking and hands-on experience in identifying security vulnerabilities.
• Proven ability to work collaboratively in a fast-paced, cross-functional environment.

ABOUT THE TECHNOLOGY

Engineering Technologies we rely on to pursue solutions to business problems include:

• AWS
• BOT Protection - Datadome
• SIEM - Datadog
• CircleCI
• Ruby on Rails / Golang
• Docker / HashiCorp Terraform

If you have experience with these tools, you'll have the chance to get even better with them. And if you don't already use at least a few of these tools, we will help you learn and become effective with them.