Lead Application Security Engineer
MultiThreaded Engineering, UX and Design at Stitch Fix
At Stitch Fix, our goal is to help our customers look great and feel great about themselves by revolutionizing how people shop. In a time-starved world where shopping often feels overwhelming, our business connects customers to clothes they love. Whether it’s helping someone dress for success at a new job or taking the stress out of packing for a family vacation, we fix clients’ closets – and they love us for it!
We’ve built unique, innovative software for merchandising, warehouse and inventory management, remote styling, and logistics. We leverage vast amounts of client data to make decisions throughout the company. All of this results in a simple, powerful offering to our clients and a very successful business. We believe we are only scratching the surface of our opportunity, and we’re looking for incredible people to contribute!
ABOUT THE ROLE
Stitch Fix is looking for a Lead Application Security Engineer to help secure our platforms and lead efforts to engineer, onboard and support Security initiatives (Design Review, Secure Development Lifecycle, Network Security, Cloud Security, etc.).
In partnership with engineering, architecture and procurement, the role functions as a collaborator in driving the implementation, support and evangelization of advanced security enablement focused on protecting and safeguarding the organization's security posture.
The individual in this role will be part of the Security Engineering Team and work closely with security and all other teams at Stitch Fix in order to track, monitor, and report status against improvements to our security posture. The candidate should have strong experience with security design reviews, GRC functions, project management tools, services, applications, and programs, while working collaboratively in a production cloud environment.
Our team members partner, collaborate, communicate, share, educate, document and learn while continuing the pursuit of keeping Stitch Fix secure. A successful candidate will demonstrate strong communication skills (verbal, coordination, and documentation). They should be comfortable and feel productive working in a remote setting within a highly distributed organization.
We’re looking specifically for folks who are interested in contributing to improvements across application security with an empathetic, collaborative and partnership-driven mindset. We rely on automation where possible, and strive to make our work well understood by the technical organizations we interface with. Stitch Fix is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.
REQUISITE SKILLS AND EXPERIENCE
The skills we are looking for are broad: experience organizing and planning security design reviews; identifying and aligning GRC policies to projects and product; coordination, planning and process development; and consistent communication relating to architecting, engineering, building, deploying, and maintaining programs that deliver dedicated focus on our application security landscape. We are open to Security Product and Project Managers, Scrum Masters and/or Agile experts who are committed to success and have a driven focus on delivery and working within a team.
REQUIREMENTS
- Excellent verbal and written communication skills. Ability to convey business, risk and technical concepts to stakeholders and communicate clear guidance on security issues.
- Demonstrated leadership skills, ability to collaborate and assist junior team members, and lead security initiatives.
- Written / verbal communication skills - producing and delivering process, presentations and documentation on team deliverables and progress against objectives.
- Minimum of 3 years of hands-on experience leading and delivering GRC and/or application security programs.
- Familiarity with software development methodologies (Agile, DevOps) and their impact on security practices. Understanding of cloud security concepts is desirable.
- Strong coordination and critical-thinking skills. Ability to analyze large and complex systems and contribute to the delivery of security risk solutions effectively.
- Proven ability to work collaboratively in a fast-paced, cross-functional environment.
ABOUT THE TECHNOLOGY
Engineering Technologies we rely on to pursue solutions to business problems involving technology:
- AWS Cloud and Technologies
- G-Suite
- Slack
- JIRA
- FreshService
- ZIP
- Asana
If you have experience with these tools, you'll have the chance to get even better with them. And if you don't already use at least a few of these tools, we will help you learn and become effective with them.
COMPENSATION AND BENEFITS
Our anticipated compensation reflects the cost of labor across several US geographic markets, and the range below indicates the low end of the lowest-compensated market to the high end of the highest-compensated market. This position is eligible for new hire and ongoing grants of restricted stock units depending on employee and company performance. In addition, the position is eligible for medical, dental, vision, and other benefits. Applicants should apply via our internal or external careers site.
Salary Range
$168,000—$178,000 USD
This link leads to the machine-readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.
Please review Stitch Fix's US Applicant Privacy Policy and Notice at Collection here: https://stitchfix.com/careers/workforce-applicant-privacy-policy
RECRUITING FRAUD ALERT:
To all candidates: your personal information and online safety are top of mind for us. At Stitch Fix, recruiters only direct candidates to apply through our official career pages at https://www.stitchfix.com/careers/jobs or https://web.fountain.com/c/stitch-fix.
Recruiters will never request payments, ask for financial account information or sensitive information like social security numbers. If you are unsure if a message is from Stitch Fix, please email RecruitingOperations@stitchfix.com.
You can read more about Recruiting Scam Awareness on our FAQ page here: https://support.stitchfix.com/hc/en-us/articles/1500007169402-Recruiting-Scam-Awareness