US National – Telecommute
Security Vulnerability Engineer
REMOTE – USA
Our team is made up of people from varied backgrounds, including engineers who built and scaled organizations like Google, Netflix, eBay, GitHub, and LivingSocial. We build modern software with modern techniques like TDD, continuous delivery, DevOps, and service-oriented architecture. Cross-functional partnerships are deeply meaningful to us and are how we’ve built up immense trust with the people running the business. We focus on high-value products that solve clearly identified problems but are designed in a sustainable way so that value continues to deliver in the long term. In fact, some of our proudest moments come from solving business problems without writing a line of code.
ABOUT THE ROLE
You will deliver secure products and solutions, not just features, by developing an understanding of how Stitch Fix works. We trust you to focus your time and efforts where they are needed most. Your commitment to applying security to business and technology challenges in clean & innovative ways will make you a trusted advisor to your partners and their teams. You will own projects and influence our direction.
You won’t do this alone. Your team will collaborate with business partners to define product requirements, plans, and deliverables. You will work with team members to take advantage of learning and growth opportunities in tech and product through real day-to-day work. You will impact the business in tangible, visible ways and always have a seat at the table.
We are looking for a Security Vulnerability Engineer for our Information Security team. Our team members are given a great deal of autonomy in the pursuit of keeping Stitch Fix secure. You will demonstrate strong communication skills and you will be primarily responsible for the continued evolution of our detection capabilities, the integration of security tools used internally by the Stitch Fix Information Security team, and the advancement of our vulnerability management program.
We’re looking specifically for folks who place an emphasis on usable security. Stitch Fix is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation. You will help us improve our vulnerability scanning and develop API integrations (glue code) between various systems and solutions. You will prototype, implement, test, deploy and maintain stable engineering solutions. You will present possible technical solutions to various stakeholders, clearly explaining your decisions and how they address real user needs, incorporating feedback in subsequent iterations.
We cannot succeed without creative security engineers. Your cross-functional team will propose and build solutions for warehouse process improvement, workforce management, logistics decision-making, and workflow optimization.
REQUISITE SKILLS AND EXPERIENCE
Building and growing a next-generation vulnerability management program
Identifying the right combination of people, process and technology to improve our detection and remediation capabilities
Conducting scheduled, targeted (in response to advisories and remediation verification) and ad-hoc vulnerability scans, and investigating and validating risk levels associated with the vulnerabilities identified
Providing remediation guidance and recommendations, and coordinating with the Technology organization, IT and other teams as needed to provide oversight of the remediation and/or mitigation of enterprise vulnerabilities
If necessary, acting as primary security liaison and initial response for engineering and technology teams during security events, providing the necessary expertise in response and coordinating with the rest of the security team
Maintaining and improving upon, as necessary, the existing vulnerability management infrastructure, including maintenance of scanning tools, licensing, procedures, reporting, and…
Computer & IT, Computer Security, Software Development, Python