Principal Vulnerability Management Engineer

Title: Principal Vulnerability Management Engineer

Location: Remote, USA

At Stitch Fix, our goal is to help our customers look great and feel great about themselves by revolutionizing how people shop. In a time-starved world where shopping often feels overwhelming, our business connects customers to clothes they love. Whether it’s helping someone dress for success at a new job or taking the stress out of packing for a family vacation, we fix clients’ closets and they love us for it!

We’ve built unique, innovative software for merchandising, warehouse and inventory management, remote styling, and logistics. We leverage vast amounts of client data to make decisions throughout the company. All of this results in a simple, powerful offering to our clients and a very successful business. We believe we are only scratching the surface of our opportunity, and we’re looking for incredible people to contribute!

Lead Vulnerability Management Engineer

REMOTE – USA

ABOUT ENGINEERING

Our team is made up of people from varied backgrounds, including engineers who built and scaled organizations like Google, Netflix, eBay, GitHub, and LivingSocial. We build modern software with modern techniques like TDD, continuous delivery, DevOps, and service-oriented architecture. Cross-functional partnerships are deeply meaningful to us and are how we’ve built up immense trust with the people running the business. We focus on high-value products that solve clearly identified problems but are designed in a sustainable way so that value continues to deliver in the long term. In fact, some of our proudest moments come from solving business problems without writing a line of code.

ABOUT THE ROLE

You will deliver secure products and solutions not just features by developing an understanding of how Stitch Fix works. We trust you to focus your time and efforts where they are needed most. Your commitment to applying security to business and technology challenges in clean & innovative ways will make you a trusted advisor to your partners and their teams. You will own projects and influence our direction.

You won’t do this alone. Your team will collaborate with business partners to define product requirements, plans, and deliverables. You will work with team members to take advantage of learning and growth opportunities in tech and product through real day-to-day work. You will impact the business in tangible, visible ways and always have a seat at the table.

We are looking for a Principal Vulnerability Management Engineer for our Information Security team. Our team members are given a great deal of autonomy in the pursuit of keeping Stitch Fix secure. You will demonstrate strong communication skills and you will be primarily responsible for the continued evolution of our detection capabilities, the integration of security tools used internally by the Stitch Fix Information Security team, and the advancement of our vulnerability management program.

We’re looking specifically for folks who place an emphasis on usable security. Stitch Fix is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation. You will help us improve our vulnerability detection capabilities and risk mitigation of network level issues. You will prototype, implement, test, deploy and maintain stable engineering solutions. You will present possible technical solutions to various stakeholders, clearly explaining your decisions and how they address real user needs, incorporating feedback in subsequent iterations.

We cannot succeed without creative security engineers. Your cross-functional team will propose and build solutions for warehouse process improvement, workforce management, logistics decision-making, and workflow optimization.

REQUISITE SKILLS AND EXPERIENCE

• Building and growing a next-generation vulnerability management program
• Identifying the right combination of people, process and technology to improve our detection and remediation capabilities
• Conducting scheduled, targeted (in response to advisories and remediation verification) and expanding coverage for vulnerability scans and investigate and validate risk levels associated with vulnerabilities identified
• Providing remediation guidance and recommendations and coordinate with the Technology organization, IT and other teams as needed to provide oversight to the remediation and/or mitigation of enterprise vulnerabilities
• Thorough understanding of network defense technologies, TCP/IP networking, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing methodologies
• Extensive Windows, Mac, and Linux experience and common configuration deficiencies
• Thorough understanding of desktop, server, application, database, and network security hardening principles and practices for threat prevention
• Experience working as part of a patch management process and a familiarity with patching tools (i.e. SCCM, JAMF, VMWare Airwatch, etc.)
• Provide recurring and ad-hoc vulnerability reports upon request
• Reviewing and providing feedback on network level changes that bring security vulnerabilities
• Partner with warehouse and IT teams to manage vulnerabilities in our robotics and automation platforms
• Familiarity with DevSecOps (Docker, AWS, microservices) and launching and maintaining new services.
• The ability to learn new technologies quickly.
• Capable of working with shifting requirements and collaborating with internal and external stakeholders.
• Understand git merges, rebases, and conflict resolution.
• Proficient in scripting or any common development languages
• Communicate clearly, efficiently, and thoughtfully. We’re a highly-distributed team, so written communication is crucial

ABOUT THE TECHNOLOGY

Technologies we rely on to pursue solutions to business problems include:

• HashiCorp Terraform
• Python
• Ruby
• Go-lang
• Brinqa / Kenna Security
• Jira
• Prisma Cloud Compute
• AquaSec CSPM
• AWS / Lambda
• Vulcan
• Mix Of Scripting Languages

Even if you already have experience with these tools, you’ll have the chance to get even better with them. And if you don’t already use at least a few of these tools, we will help you learn and become effective with them.

YOU’RE EXCITED ABOUT THIS OPPORTUNITY BECAUSE…

• We work collaboratively as a distributed team we are a primarily remote team and we use GitHub, Slack, and video conferencing extensively to collaborate.
• You will have the opportunity to participate in creating prototypes and exploring alternative designs we value pull requests, one-pagers, and screencasts to develop rapid prototypes that demonstrate new features.
• We view Security as a product which requires a purposeful strategy through an overarching vision of how security can support the organization’s survival because computers are somewhat terrible but necessary for success.
• You are a Problem Solver. Ultimately, anyone can say no to something but just saying no isn’t solving a problem. Figuring out a compromise, like preserving or even improving UX while still ensuring an organization’s security, is a hard problem the type of problem which should be the most intellectually fulfilling.

We use these tools and techniques help us get the job done and we’re excited to share our expertise with new members of the team. You will have the opportunity to help us continue to adopt effective practices and technologies and explore their full potential.

WE ARE EXCITED ABOUT YOU BECAUSE…

• YOU ARE ENTHUSIASTIC ABOUT TECHNOLOGY. You will collaborate to build solutions using the appropriate tools and contribute to design and architecture across multiple systems. You want to build on your experience and help us to adopt new technologies. You’ll learn from us, and we’ll learn from you. You care deeply about the experience you are delivering.
• YOU HAVE A PRODUCT-FOCUSED MINDSET. Our team works together to deliver projects that use technology to solve real business problems. Your team members and business partners will seek out your opinion on how the product you’re building should work. You aren’t afraid to dig deep and ask the tough questions of our customers, company, and executive team.
• YOU ARE INTERESTED IN DEVELOPING YOUR LEADERSHIP QUALITIES. You should believe in what you’re doing and inspire others around you to be their best selves? Do you feel ownership for the projects you are working on?
• YOU HAVE DEEP RESPECT FOR YOUR CRAFT. We are dedicated to building software sustainably, using modern techniques. You’re always looking for more and better ways to write software, and enthusiastic about sharing them with your team.
• YOU ARE RESPECTFUL, EMPATHETIC, AND HUMBLE. We want you to take your work seriously and be open to personal and professional growth. Successful engineers show everyone respect and consideration.

YOU’LL LOVE WORKING AT STITCH FIX BECAUSE WE…

• Are a successful, vibrant, fast-growing company
• Are a technologically and data-driven business.
• Are at the forefront of tech and fashion, redefining shopping for the next generation.
• Are passionate about our clients and live/breathe the client experience.
• Get to be creative every day.
• Have a smart, experienced, and diverse leadership team that wants to do it right & is open to new ideas.
• Believe in autonomy & taking initiative.
• Have sunny offices in downtown San Francisco, CA, or your home 🙂
• Full support for remote work and you get to visit our SF office every few months to connect with your peers and partners.
• Offer transparent, equitable, and competitive compensation based on your level to help eliminate bias in salaries, as well as equity and comprehensive health benefits.
• Are serious about our commitment to life-work balance, and have generous parental leave policies.

ABOUT STITCH FIX

At Stitch Fix, we’re about personal styling for everybody and we believe in both a service and a workplace where you can be your best, most authentic self. We’re the first fashion retailer to combine technology and data science with the human instinct of a Stylist to deliver a deeply personalized shopping experience. This novel juxtaposition attracts a highly diverse group of talented people who are both thinkers and doers. All of this results in a simple, powerful offering to our customers and a successful, growing business serving millions of men, women, and kids. We believe we are only scratching the surface on our opportunity, and we’re looking for incredible people like you to help us carry on that trend.

Please review Stitch Fix’s Recruiting Privacy Policy here:
https://www.stitchfix.com/privacy/usrecruitingprivacy