Lead Application Security Engineer
Stitch Fix
Stitch Fix is personal styling for men, women & kids that sends clothing to your door (with free shipping & returns). Get started & find clothes you'll love!
At Stitch Fix, our goal is to help our customers look great and feel great about themselves by revolutionizing how people shop. In a time-starved world where shopping often feels overwhelming, our business connects customers to clothes they love. Whether it’s helping someone dress for success at a new job or taking the stress out of packing for a family vacation, we fix clients’ closets – and they love us for it!
We’ve built unique, innovative software for merchandising, warehouse and inventory management, remote styling, and logistics. We leverage vast amounts of client data to make decisions throughout the company. All of this results in a simple, powerful offering to our clients and a very successful business. We believe we are only scratching the surface of our opportunity, and we’re looking for incredible people to contribute!
ABOUT THE ROLE
Stitch Fix is looking for a Lead Application Security Engineer to help secure our platforms and lead efforts to engineer, onboard and support Security initiatives (Design Review, Secure Development Lifecycle, Network Security, Cloud Security, etc).
In partnership with engineering, architecture and procurement, the role functions as a collaborator in driving the implementation, support and evangelization of advanced security enablement focused on protecting and safeguarding the organization's security posture.
The individual in this role will be part of the Security Engineering Team and work closely with security and all other teams at Stitch Fix in order to track, monitor, and report on the status of improvements to our security posture. The candidate should have strong experience with security design reviews, GRC functions, project management tools, services, applications, and programs, while working collaboratively in a production cloud environment.
Our team members partner, collaborate, communicate, share, educate, document and learn while continuing the pursuit of keeping Stitch Fix secure. A successful candidate will demonstrate strong communication skills (verbal, coordination, and documentation). They should be comfortable and feel productive working in a remote setting within a highly distributed organization.
We’re looking specifically for folks who are interested in contributing to improvements across application security with an empathetic, collaborative and partnership-driven mindset. We rely on automation where possible, and strive to make our work well understood by the technical organizations we interface with. Stitch Fix is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.
REQUISITE SKILLS AND EXPERIENCE
The skills we are looking for are broad: experience organizing and planning security design reviews; identifying and aligning GRC policies to projects and product; coordination, planning and process development; and consistent communication relating to architecting, engineering, building, deploying, and maintaining programs that deliver dedicated focus on our application security landscape. We are open to Security Product and Project Managers, Scrum Masters and/or Agile experts committed to success, with a driven focus on delivery and working within a team.
- Excellent verbal and written communication skills. Ability to convey business, risk and technical concepts to stakeholders and communicate clear guidance on security issues.
- Demonstrated leadership skills, ability to collaborate and assist junior team members, and lead security initiatives.
- Written / verbal communication skills - producing and delivering process, presentations and documentation on team deliverables and progress against objectives.
- Minimum of 3 years of hands-on experience leading and delivering GRC and/or application security programs.
- Familiarity with software development methodologies (Agile, DevOps) and their impact on security practices. Understanding of cloud security concepts is desirable.
- Strong coordination and critical-thinking skills. Ability to analyze large and complex systems and contribute to the delivery of security risk solutions effectively.
- Proven ability to work collaboratively in a fast-paced, cross-functional environment.
ABOUT THE TECHNOLOGY
Engineering Technologies we rely on to pursue solutions to business problems involving technology:
- AWS Cloud and Technologies
If you have experience with these tools, you'll have the chance to get even better with them. And if you don't already use at least a few of these tools, we will help you learn and become effective with them.
Our anticipated compensation reflects the cost of labor across several US geographic markets, and the range below indicates the low end of the lowest-compensated market to the high end of the highest-compensated market. This position is eligible for new hire and ongoing grants of restricted stock units depending on employee and company performance. In addition, the position is eligible for medical, dental, vision, and other benefits. Applicants should apply via our internal or external careers site.
This link leads to the machine readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.
Recruiting Fraud Alert:
To all candidates: your personal information and online safety are top of mind for us. At Stitch Fix, recruiters only direct candidates to apply through our official career pages at https://www.stitchfix.com/careers/jobs or https://web.fountain.com/c/stitch-fix.
Recruiters will never request payments, ask for financial account information or sensitive information like social security numbers. If you are unsure if a message is from Stitch Fix, please email RecruitingOperations@stitchfix.com.
You can read more about Recruiting Scam Awareness on our FAQ page here: https://support.stitchfix.com/hc/en-us/articles/1500007169402-Recruiting-Scam-Awareness