Lead Application Security Engineer

MultiThreaded Engineering, UX and Design at Stitch Fix
About the Team
Stitch Fix is an online personal style service for men and women combining art and science to disrupt and redefine the retail industry. Our Security team is new and growing! This is the chance to use your experience to help shape Security within our organization.
About the Role
Lead Product Security Engineer
As the Lead Product Security Engineer you will be responsible for building out the product (application) security program for Stitch Fix. You will develop and foster partnerships with key business groups to ensure secure application development. In this role you will have the opportunity to create and implement innovative capabilities around security solutions for our platforms. As Lead Product Security Engineer you will provide and lead strategic and tactical security initiatives. You will also partner with teammates to grow our application security principles and solutions, which promote security and trust for our employees, our vendors, and our clients.
You're excited about this opportunity because you will...
Create, grow and mature the Stitch Fix Product Security Program
Be excited to not only practice security, but also teach and promote it within the organization.
Provide guidance on design reviews and threat modeling
Partner with Engineers and Data Scientists to promote sound product security principles
Develop innovative solutions to perform code auditing with actionable feedback for Developers
Champion Security within the organization
Build and integrate application security tools for internal team usage
We're excited about you because...
You're Kind: We approach our coworkers with humility, grace, respect, and trust. You are someone who prefers to do the same.
You Build Partnerships: Great security culture comes from building partnerships and enabling security tool usage.
You're Pragmatic: You're not dogmatic about any particular tools or methodology. You've worked with many, and you probably have strong opinions, but you adapt to what works best for each business partner.
You want to do security differently: Taking the lessons and experiences you have gained in your career, you want the challenge of doing security differently and actually executing it.
You're Inspiring: Through the development of relationships, your partners understand why their work matters and are excited about it.
Skills & Abilities
We can rely on you to pursue solutions to business problems because:
You're analytical and operationally minded
You have a consistent eye toward improvement along with the ability to roll with regular system and process improvements
Coding and design skills in Python, Ruby, iOS Swift, Android SDK.
You have conducted and led security assessments and can articulate how to improve
Knowledge of the OWASP Top 10 and CWE Top 25 vulnerabilities
Exceptional experience in securing modern web and mobile applications
Develop scanning capabilities for CI/CD pipelines
Experience with Static Application Security Testing methodologies and tools
Experience with Dynamic Application Security Testing methodologies and tools
Knowledge of security incident response and management
If you already have experience in these areas, you'll have the chance to get even better. And if you don't already have these skills, we will help you learn and become effective with them.
Why You'll Love Working at Stitch Fix
We hire bright, kind, and goal-oriented people. We love what we do at Stitch Fix but know that it is not the only thing in our lives. Our culture and benefits are designed to support our employees so that they can be their best selves both at work and away from work.
We offer transparent, equitable, and competitive compensation based on your level to help eliminate bias in salary ranges
We are serious about our commitment to life-work balance, and have generous parental leave policies
We are a company with a proven business model that's growing fast
We are a technologically and data-driven business
We offer great time away programs
We are blending tech and fashion, redefining shopping for the next generation
We are passionate about our clients and live/breathe the client experience
You'll get to be creative on a daily basis
We believe in autonomy & taking initiative
You'll report to a leadership team that wants to do it right and values innovation
We have sunny offices in downtown San Francisco, CA, Austin, TX and Pittsburgh, PA, or your home :)
Full support for remote work: you get to visit our SF office every few months to connect with your peers and partners.
About Stitch Fix
Stitch Fix is an online personal styling company in San Francisco, combining art and science to disrupt and redefine the retail industry. Our engineering team builds the tools to run the business, from customer-facing website and mobile app to unique and innovative tools that power our warehouse, merchandising, and styling teams. We leverage vast amounts of client data to make decisions throughout the company. All of this results in a simple, powerful offering to our customers and a successful, growing business. We believe we are only scratching the surface of our opportunity, and we're looking for incredible people to contribute!
