Principal Security Engineer Vulnerability Management

Stitch Fix

Job Location:

San Francisco, CA - USA

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

About Stitch Fix Inc.

Stitch Fix (NASDAQ: SFIX) is the leading online personal styling service that helps people discover the styles they will love that fit perfectly so they always look - and feel - their best. Few things are more personal than getting dressed, but finding clothing that fits and looks great can be a challenge. Stitch Fix solves that problem. By pairing expert stylists with best-in-class AI and recommendation algorithms, the company leverages its assortment of exclusive and national brands to meet each client's individual tastes and needs, making it convenient for clients to express their personal style without having to spend hours in stores or sifting through endless choices online. Stitch Fix, which was founded in 2011, is headquartered in San Francisco.

About the Team

We are a team of collaborative, empathetic, and passionate security practitioners with diverse backgrounds and expertise spanning Vulnerability Management, Incident Response, Security Operations, and DevSecOps. Our mission is to prioritize security in everything we do while enabling the business and fostering seamless collaboration with our partners: reducing friction, not creating it.

Our team members have a high degree of autonomy in ensuring Stitch Fix remains secure. The ideal candidate will have strong communication skills and thrive both independently and as part of a highly distributed engineering team.

We're seeking individuals who prioritize usable security and are passionate about security and automation. As Stitch Fix continues to grow rapidly, our security program must scale alongside it, balancing robust protection with the flexibility to support innovation.

About the Role

At Stitch Fix, we operate in a cloud-first environment and are seeking a Vulnerability Management Engineer to lead security initiatives and own the VM program. This role will focus on vulnerability management, implementing best practices across infrastructure, network security, and cloud environments, as well as ensuring compliance and policy adherence. This role is part of the Security Team and collaborates closely with Platform and Development teams. The ideal candidate should have extensive experience in Vulnerability Management, container technologies, and deployment and integration patterns within a production AWS environment.

You're excited about this opportunity because you will

  • Collaborate to develop innovative security solutions, leveraging the right tools while contributing to design and architecture across multiple systems. You're eager to expand your expertise and help us integrate new technologies. This is a team where learning is mutual: you'll learn from us and we'll learn from you. Most importantly, you are deeply committed to protecting our clients and employees from threats.
  • Work closely with the team to develop effective solutions, leveraging the right tools while contributing to design and architecture across multiple systems. You're eager to expand your expertise and help us integrate new technologies. This is a team where learning is mutual: you'll learn from us and we'll learn from you. Most importantly, you are committed to delivering a seamless and impactful experience.
  • Be the first to step in, tackle challenges head-on, and do what it takes to protect and secure our organization.
  • Ensure that technology solutions address real business challenges. Your insights are valued by both team members and business partners, who look to you for guidance on how our security initiatives should function. You're not afraid to ask tough questions, challenge assumptions, and engage with customers, stakeholders, and executives to drive meaningful outcomes.

We're excited about you because

You have broad skills building, deploying, and maintaining security services in an organization and serving as the Subject Matter Expert for Vulnerability Management and cloud security. Additionally, you have the following experience:

  • 6 years of experience in Security, preferably in a Vulnerability Management or similar role (code defects, dependencies, containers, risk of exposure, and exploitability).
  • Experience leading and assisting with Vulnerability remediation documentation and leading remediation efforts in close collaboration with the org.
  • Proficient with the vulnerability management lifecycle and hands-on involvement in orchestrating automated solutions.
  • Understanding of common risk, attack techniques, and exploitability, such as supply chain attacks.
  • Intermediate to advanced knowledge of APT groups' TTPs (Tactics, Techniques, and Procedures).

Cloud & Infrastructure Security:

  • AWS experience is required; familiarity and high degree of proficiency with AWS services (e.g. Route 53, IAM, Security Groups, SNS, S3, Lambda, CloudWatch, CloudTrail).
  • Hands-on experience with AWS environments, particularly in a security context; familiarity with AWS security services (e.g. Security Hub, GuardDuty, Macie).
  • Hands-on working knowledge of Infrastructure as Code (IaC) concepts and tools such as Terraform and Docker.
  • Understand the use of CI/CD pipelines and their role in a security context.

Security Tools & Logging:

  • Experience optimizing and integrating solutions (e.g. Jira, JupiterOne, Palo Alto Prisma).
  • Ability to interpret findings based on CVSS and proprietary scoring and escalate potential security threats and findings to various stakeholders.

Programming & Automation:

  • Proficient with scripting languages such as Python, developing automation and security workflows.
  • Proficient with infrastructure as code in Terraform, Pulumi, or CloudFormation.

Soft Skills & Collaboration:

  • Ability to follow established security procedures and lead remediation efforts.
  • Strong written communication skills for security documentation and reporting.
  • Ability to collaborate with cross-functional teams and assist in security investigations.

Development & Continuous Learning:

  • Knowledge of common development practices and tools, and how they apply in a security context.
  • Eager and willing to learn and develop new skills in security automation and cloud security.
  • Have the ability and experience to mentor and develop junior team members, fostering growth within the team.

ABOUT THE TECHNOLOGY

Technologies we rely on to pursue solutions to business problems include:

  • CircleCI
  • Docker
  • Palo Alto Prisma Cortex
  • JupiterOne
  • AWS
  • Linux/Mac
  • Zscaler
  • HashiCorp Terraform
  • Python
  • GitHub
  • Atlassian Tools
  • Datadog
  • CrowdStrike

Even if you already have experience with these tools, you'll have the chance to get even better with them. And if you don't already use at least a few of these tools, we will help you learn and become effective with them.

Why you'll love working at Stitch Fix...

  • We are a group of bright, kind people who are motivated by challenge. We value integrity, innovation, and trust. You'll bring these characteristics to life in everything you do at Stitch Fix.
  • We cultivate a community of diverse perspectives; all voices are heard and valued.
  • We are an innovative company and leverage our strengths in fashion and tech to disrupt the future of retail.
  • We win as a team, commit to our work, and celebrate grit together because we value strong relationships.
  • We boldly create the future while keeping equity and sustainability at the center of all that we do.
  • We are the owners of our work and are energized by solving problems through a growth mindset lens. We think broadly and creatively through every situation to create meaningful impact.
  • We offer comprehensive compensation packages and inclusive health and wellness benefits.

Compensation and Benefits

This role will receive a competitive salary, benefits, and equity. The salary for US-based employees hired into this role will be aligned with the range below, which includes our three geographic areas. A variety of factors are considered when determining someone's compensation, including a candidate's professional background, experience, location, and performance. This position is eligible for an annual bonus and new hire and ongoing grants of restricted stock units depending on employee and company addition the position is eligible for medical, dental, vision, and other benefits. Applicants should apply via our internal or external careers site.

Salary Range
$120,000 - $200,000 USD

This link leads to the machine-readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.

Please review Stitch Fix's US Applicant Privacy Policy and Notice at Collection here:

Fraud Alert:

To all candidates: your personal information and online safety are top of mind for us. At Stitch Fix, recruiters only direct candidates to apply through our official career pages at or will never request payments, ask for financial account information or sensitive information like social security numbers. If you are unsure if a message is from Stitch Fix, please email .

You can read more about Recruiting Scam Awareness on our FAQ page here:

Experience:

Staff IC

Key Skills

  • Design
  • Academics
  • AutoCAD 3D
  • Cafe
  • Fabrication
  • Java

About Company

Stitch Fix is personal styling for men, women & kids that sends clothing to your door (with free shipping & returns). Get started & find clothes you'll love!