Find your next great job

A daily email of jobs matching your skills and preferences.

Sign Up 👋

Remote Security Technical Program Manager

Posted almost 2 years ago

Security Technical Program Manager

at Stitch Fix

REMOTE, USA

SECURITY VULNERABILITY MANAGEMENT ENGINEER

REMOTE - USA

ABOUT ENGINEERING

Our team is made up of people from varied backgrounds, including engineers who built and scaled organizations like Google, Netflix, eBay, GitHub, and LivingSocial. We build modern software with modern techniques like TDD, continuous delivery, DevOps, and service-oriented architecture. Cross-functional partnerships are deeply meaningful to us and are how we've built up immense trust with the people running the business. We focus on high-value products that solve clearly identified problems but are designed in a sustainable way so that value continues to deliver in the long term. In fact, some of our proudest moments come from solving business problems without writing a line of code.

ABOUT THE ROLE

You will deliver secure products and solutions not just features by developing an understanding of how Stitch Fix works. We trust you to focus your time and efforts where they are needed most. Your commitment to applying security to business and technology challenges in clean & innovative ways will make you a trusted advisor to your partners and their teams. You will own projects and influence our direction.

You won't do this alone. Your team will collaborate with business partners to define product requirements, plans, and deliverables. You will work with team members to take advantage of learning and growth opportunities in tech and product through real day-to-day work. You will impact the business in tangible, visible ways that and always have a seat at the table.

We are looking for a Security Vulnerability Management Engineer for our Information Security team. Our team members are given a great deal of autonomy in the pursuit of keeping Stitch Fix secure. You will demonstrate strong communication skills and you will be primarily responsible for the continued evolution of our detection capabilities, the integration of security tools used internally by the Stitch Fix Information Security team, and the advancement of our vulnerability management program.

We're looking specifically for folks who place an emphasis on usable security. Stitch Fix is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation. You will help us improve our vulnerability scanning and develop API integrations (glue code) between various systems and solutions. You will prototype, implement, test, deploy and maintain stable engineering solutions. You will present possible technical solutions to various stakeholders, clearly explaining your decisions and how they address real user needs, incorporating feedback in subsequent iterations.

We cannot succeed without creative security engineers. Your cross-functional team will propose and build solutions for warehouse process improvement, workforce management, logistics decision-making, and workflow optimization.

REQUISITE SKILLS AND EXPERIENCE

Building and growing a next-generation vulnerability management program

Identifying the right combination of people, process and technology to improve our detection and remediation capabilities

Conducting scheduled, targeted (in response to advisories and remediation verification) and ad-hoc vulnerability scans and investigate and validate risk levels associated with vulnerabilities identified

Providing remediation guidance and recommendations and coordinate with the Technology organization, IT and other teams as needed to provide oversight to the remediation and/or mitigation of enterprise vulnerabilities

If necessary, act as primary security liaison and initial response for engineering and technology teams during security events and provide the necessary expertise in response and coordinating with the rest of the security team

Maintain and improve upon, as necessary, the existing vulnerability management infrastructure, including maintenance of scanning tools, licensing, procedures, reporting, and associated communications (downtimes, upgrades, report changes, etc.)

Create processes and workflows for all aspects of vulnerability management. Work with cross-functional teams to improve processes, workflows and operational efficiencies

Utilize proven sources to maintain an awareness of prevailing and emerging vulnerabilities to proactively address vulnerabilities as early as possible

Provide recurring and ad-hoc vulnerability reports upon request

Establish appropriate vulnerability management calendar, schedule engagements and track activities to completion. Maintain history of scans and activities for future reference and traceability

Prototyping, implementing, testing, and deploying code to production.

Proficiency with DevOps (Docker, AWS, microservices) and launching and maintaining new services.

The ability to learn new technologies quickly.

Capable of working with shifting requirements and collaborate with internal and external stakeholders.

Understand git merges, rebases, and conflict resolution.

Communicate clearly, efficiently, and thoughtfully. We're a highly-distributed team, so written communication is crucial, from email to Slack to pull requests to code reviews.

ABOUT THE TECHNOLOGY

Technologies we rely on to pursue solutions to business problems include:

HashiCorp Terraform

Python

Ruby

Brinqa

Jira

CodeClimate

AWS / Lambda

Even if you already have experience with these tools, you'll have the chance to get even better with them. And if you don't already use at least a few of these tools, we will help you learn and become effective with them.

YOU'RE EXCITED ABOUT THIS OPPORTUNITY BECAUSE...

We work collaboratively as a distributed team we are a primarily remote team and we use GitHub, Slack, and video conferencing extensively to collaborate.

You will have the opportunity to participate in creating prototypes and exploring alternative designs we value pull requests, one-pagers, and screencasts to develop rapid prototypes that demonstrate new features.

We view Security as a product which requires a purposeful strategy through an overarching vision of how security can support the organization's survival because computers are somewhat terrible but necessary for success.

You are a Problem Solver. Ultimately, anyone can say no to something but just saying no isn't solving a problem. Figuring out a compromise, like preserving or even improving UX while still ensuring an organization's security, is a hard problem the type of problem which should be the most intellectually fulfilling.

We use these tools and techniques help us get the job done and we're excited to share our expertise with new members of the team. You will have the opportunity to help us continue to adopt effective practices and technologies and explore their full potential.

WE ARE EXCITED ABOUT YOU BECAUSE...

YOU ARE ENTHUSIASTIC ABOUT TECHNOLOGY. You will collaborate to build solutions using the appropriate tools and contribute to design and architecture across multiple systems. You want to build on your experience and help us to adopt new technologies. You'll learn from us, and we'll learn from you. You care deeply about the experience you are delivering.

YOU HAVE A PRODUCT-FOCUSED MINDSET. Our team works together to deliver projects that use technology to solve real business problems. Your team members and business partners will seek out your opinion on how the product you're building should work. You aren't afraid to dig deep and ask the tough questions of our customers, company, and executive team.

YOU ARE INTERESTED IN DEVELOPING YOUR LEADERSHIP QUALITIES. You should believe in what you're doing and inspire others around you to be their best selves? Do you feel ownership for the projects you are working on?

YOU HAVE DEEP RESPECT FOR YOUR CRAFT. We are dedicated to building software sustainably, using modern techniques. You're always looking for more and better ways to write software, and enthusiastic about sharing them with your team.

YOU ARE RESPECTFUL, EMPATHETIC, AND HUMBLE. We want you to take your work seriously and be open to personal and professional growth. Successful engineers show everyone respect and consideration.

YOU'LL LOVE WORKING AT STITCH FIX BECAUSE WE...

Are a successful, vibrant, fast-growing company

Are a technologically and data-driven business.

Are at the forefront of tech and fashion, redefining shopping for the next generation.

Are passionate about our clients and live/breathe the client experience.

Get to be creative every day.

Have a smart, experienced, and diverse leadership team that wants to do it right & is open to new ideas.

Believe in autonomy & taking initiative.

Have sunny offices in downtown San Francisco, CA, Austin, TX and Pittsburgh, PA, or your home :)

Full support for remote work and you get to visit our SF office every few months to connect with your peers and partners.

Offer transparent, equitable, and competitive compensation based on your level to help eliminate bias in salaries, as well as equity and comprehensive health benefits.

Are serious about our commitment to life-work balance, and have generous parental leave policies.

ABOUT STITCH FIX

At Stitch Fix, we're about personal styling for everybody and we believe in both a service and a workplace where you can be your best, most authentic self. We're the first fashion retailer to combine technology and data science with the human instinct of a Stylist to deliver a deeply personalized shopping experience. This novel juxtaposition attracts a highly diverse group of talented people who are both thinkers and doers. All of this results in a simple, powerful offering to our customers and a successful, growing business serving millions of men, women, and kids. We believe we are only scratching the surface on our opportunity, and we're looking for incredible people like you to help us carry on that trend.

Apply Now! 🤞

A new window will open to the job source site.

Job research tailored to you.

Growing a career that's right for you is a life-changer, but it's undeniable that the job search gets tougher every year. With automated hiring processes, resume filters and questionable interview practices, finding a job that a tech skillset has become seriously challenging.

That's where we step in. Careeriscope can help lighten the stress load by making your search a bit easier. We help you find matches based on the job search criteria you set, then send a summary of the results in a daily email sent every morning for review.