Senior Manager, Security Engineering

ABOUT THE TEAM

We secure Stitch Fix’s technology stack which includes modern software with modern techniques like TDD, continuous delivery, DevOps, and service-oriented architecture. Cross-functional partnerships are deeply meaningful to us and are how we’ve built up immense trust with the people running the business. We focus on high-value, human-centric security solutions and initiatives that solve clearly identified problems but are designed in a scalable way so that our defenses continue to enhance client trust long-term as we continue to innovate as a company. In fact, some of our proudest moments come from solving security problems without writing a line of code.

ABOUT THE ROLE

We are looking for a Senior Manager of Security Engineering, for our Information Security organization. Our team members and leaders are given a great deal of autonomy in the pursuit of keeping Stitch Fix secure. You will be primarily responsible for the continued evolution of our Application Security, DevSecOps and Cloud Security capabilities. As a Senior Manager, strong thought leadership, partnership, strategy-setting, and communication skills are a must.

You will lead the Application Security and DevSecOps functions focused on delivering secure code and deployment capabilities through an understanding of how Stitch Fix works. You will also be leading our Cloud Security function, focused on building controls and defenses to better secure our cloud infrastructure. We trust you to focus your time and efforts where they are needed most and to rely on the strong engineers on your teams. Your commitment to applying security to business and technology challenges in clean & innovative ways will make you a trusted advisor to your partners and their teams. You will own projects and influence our direction.

You won’t do this alone. Your teams will collaborate with business partners to define product requirements, plans, and deliverables. You will work with team members to take advantage of learning and growth opportunities in tech and product through real day-to-day work. You will impact the business in tangible, visible ways and will always have a seat at the table.

We’re looking specifically for leaders who place an emphasis on usable security. Stitch Fix is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation. You will help us improve our defenses when it comes to Cloud and Infrastructure Security and respond effectively in leading the Incident Response function. You will lead teams to prototype, implement, test, deploy and maintain secure solutions and processes. You will present possible technical and business process solutions to various stakeholders, clearly explaining your decisions and how they address real user needs, incorporating feedback in subsequent iterations.

We cannot succeed without strong partnership across the company and in many different forms. Your cross-functional team will propose and build solutions for everything from warehouse process improvements to internal accounting systems.

REQUISITE SKILLS AND EXPERIENCE

• At least 8+ years in Information Security or related disciplines (IT, Software Engineering, etc)
• At least 8+ years delivering holistic Security Architecture solutions across Cloud Service and Infrastructure (Network, Compute and Internet)
• 5+ years working in a CI/CD paradigm bringing observability, ML and AI to augment the build and commit process, all the while reducing toil and increasing agility
• Have had 8+ years working in an agile framework dev model
• Prior Management and Architecture experience in AWS / GCP / Azure Service ecosystems.
• Develop requirements for the design of systems, components, platforms, sustainability, supportability and patterns to be developed across the technical org.
• Prior experience working with and managing bug-bounty / pentest programs in collaboration with engineering orgs. Red / Blue team experience is also preferred.
• Create and execute a tactical and strategic roadmap that identifies and reduces top security risks to the organization.
• Experience performing threat modeling using various frameworks e.g STRIDE / PASTA / MITRE to identify potential attack / threat vectors and communicate risks to stakeholders.
• Well-versed on the development, use and consumption of service maps, dependency maps, network and API flows, threat models and other documentation that contribute to converting complex needs of business capabilities, product, and strategy into a set of highly leverageable and transformative technical systems, patterns, and strategies.
• Work with the product and program management team to communicate the extent of current technical capabilities and the impact and boundaries they present to feature development.
• Understand and align on future technical needs and help inform sequencing of product features and technical investments to maximize efficiency and leverage.
• Work with engineering and algorithms teams to facilitate continuous capability development and improvement across technical teams.
• Present, explain, and evangelize the value and vision of architectural direction and investments to a wide audience.
• Demonstrated capability to manage multiple work streams and drive deadlines
• Leading collaborations with key partners across strategy, product, program management, engineering, and algorithms teams to drive end-to-end architecture and its implementation.
• Strong partnership and soft skills to influence outside of the Security organization to drive business-impacting change
• Someone willing to continue to learn as both Director and Architect and grow as the Security industry continues to shift and threats change
• Champion a culture of technical innovation within the organization.

YOU’RE EXCITED ABOUT THIS OPPORTUNITY BECAUSE…

• We work collaboratively as both a centralized and distributed team —we are a combined team of both remote and HQ-based professionals. We use a variety of technologies extensively to collaborate with each other.
• You will have the opportunity to drive secure code solutions in a cloud-native environment
• We view Security as an enabling part of the business which requires a purposeful strategy through an overarching vision of how security can support the organization’s goals.
• You are a Problem Solver. Ultimately, anyone can say “no” to something —but just saying “no” isn’t solving a problem. Figuring out a compromise, like preserving or even improving an experience while still ensuring an organization’s security, is a hard problem — the type of problem which should be the most intellectually fulfilling.

We use these tools and techniques to help us get the job done and we’re excited to share our expertise with new members of the team. You will have the opportunity to help us continue to adopt effective practices and technologies and explore their full potential.

WE ARE EXCITED ABOUT YOU BECAUSE...

• YOU ARE ENTHUSIASTIC ABOUT SECURITY. You will collaborate to build interesting security solutions using the appropriate tools and contribute to design and architecture across multiple systems. You want to build on your experience and help us to adopt new technologies. You'll learn from us, and we'll learn from you. You care deeply about the fighting to secure our clients and our employees from threats.
• YOU HAVE A PARTNERSHIP MINDSET. Our team works together with multiple stakeholders to deliver projects that use secure technologies and processes to solve real business problems. Your team members and business partners will seek out your opinion on the focus and outcome you’re looking to achieve. You aren’t afraid to dig deep and ask the tough questions of our customers, company, and executive team.
• YOU ARE INTERESTED IN DEVELOPING THE EMPLOYEES ON YOUR TEAM. You should believe in what you’re doing and inspire others around you to be their best selves and achieve their goals.
• YOU HAVE DEEP RESPECT FOR YOUR CRAFT. We are dedicated to building security sustainably, not chasing the latest fad but understanding the best solution for the problem. You're always looking for more and better ways to bake security into everyday processes, and enthusiastic about sharing them with your team.
• YOU ARE RESPECTFUL, EMPATHETIC, AND HUMBLE. We want you to take your work seriously and be open to personal and professional growth. Successful security professionals show everyone respect and consideration.

Why you'll love working at Stitch Fix...

• We are a group of bright, kind people who are motivated by challenge. We value integrity, innovation and trust. You’ll bring these characteristics to life in everything you do at Stitch Fix.
• We cultivate a community of diverse perspectives— all voices are heard and valued.
• We are an innovative company and leverage our strengths in fashion and tech to disrupt the future of retail.
• We win as a team, commit to our work, and celebrate grit together because we value strong relationships.
• We boldly create the future while keeping equity and sustainability at the center of all that we do.
• We are the owners of our work and are energized by solving problems through a growth mindset lens. We think broadly and creatively through every situation to create meaningful impact.
• We offer comprehensive compensation packages and inclusive health and wellness benefits.

About Stitch Fix

We're changing the industry and bringing personal styling to every body. We believe in a service and a workplace where you can show up as your best, most authentic self. The Stitch Fix experience is not merely curated—it’s truly personalized to each client we style. We are changing the way people find what they love. We’re disrupting the future of retail with the precision of data science by combining it with human instinct to find pieces that fit our client’s unique style. This novel juxtaposition attracts a highly diverse group of talented people who are both thinkers and doers. This results in a simple, yet powerful offering to our customers and a successful, growing business serving millions of men, women and kids throughout the US. We believe we are only scratching the surface and are looking for incredible people like you to help us boldly create our future.

This link leads to the machine readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.

Please review Stitch Fix's US Applicant Privacy Policy and Notice at Collection here: https://stitchfix.com/careers/workforce-applicant-privacy-policy

Recruiting Fraud Alert:

To all candidates: your personal information and online safety are top of mind for us. At Stitch Fix, recruiters only direct candidates to apply through our official career pages at https://www.stitchfix.com/careers/jobs or https://web.fountain.com/c/stitch-fix.

Recruiters will never request payments, ask for financial account information or sensitive information like social security numbers. If you are unsure if a message is from Stitch Fix, please email [email protected].

You can read more about Recruiting Scam Awareness on our FAQ page here: https://support.stitchfix.com/hc/en-us/articles/1500007169402-Recruiting-Scam-Awareness