Cloud Security Engineer
Remote, USA
Full Time Senior-level / Expert USD 145K - 214K
Stitch Fix
Stitch Fix is personal styling for men, women & kids that sends clothing to your door (with free shipping & returns). Get started & find clothes you'll love!
About Stitch Fix, Inc.
Stitch Fix (NASDAQ: SFIX) is the leading online personal styling service that helps people discover the styles they will love that fit perfectly so they always look - and feel - their best. Few things are more personal than getting dressed, but finding clothing that fits and looks great can be a challenge. Stitch Fix solves that problem. By pairing expert stylists with best-in-class AI and recommendation algorithms, the company leverages its assortment of exclusive and national brands to meet each client's individual tastes and needs, making it convenient for clients to express their personal style without having to spend hours in stores or sifting through endless choices online. Stitch Fix, which was founded in 2011, is headquartered in San Francisco.
About the Team
Our Security Architecture team is at the forefront of protecting our cloud infrastructure and applications. We are responsible for designing and implementing security solutions across cloud environments and application security domains to ensure the protection of sensitive data, prevent security threats, and enable secure innovation. We work closely with engineering, DevOps, and product teams to integrate security seamlessly into cloud-native architecture, DevSecOps pipelines, and application development workflows.
About the Role
As a Senior Cloud Security Engineer, you will play a critical role in both cloud security and application security, helping to secure AWS cloud environments, microservices, containers, serverless architectures, and application security pipelines. You will work closely with the Senior Security Architect and cross-functional teams to develop security solutions that mitigate risk while enabling business and engineering agility. This role requires expertise in cloud security architecture, DevSecOps automation, application security best practices, and incident response.
You're excited about this opportunity because you will…
- Design secure cloud and application architectures, ensuring security is embedded in both infrastructure and software development.
- Integrate security automation into CI/CD pipelines and enforce secure coding practices.
- Work with engineering and product teams to proactively mitigate application security risks.
- Design and manage AWS multi-account environments, ensuring minimal attack surface and robust logging/monitoring.
- Implement AWS security best practices, leveraging services like GuardDuty, Security Hub, Inspector, and custom Lambda scripts for continuous threat detection.
- Develop secure IaC templates (Terraform/CloudFormation) to enforce consistent security configurations.
- Automate security controls to detect misconfigurations, vulnerabilities, and compliance violations (CIS, NIST, PCI-DSS).
- Integrate application security testing (SAST, DAST, SCA, IAST) into CI/CD pipelines to detect vulnerabilities early.
- Define secure coding guidelines and collaborate with engineering teams to ensure adherence.
- Conduct threat modeling and secure code reviews to proactively mitigate application security risks.
- Enforce API security best practices, including OAuth, JWT, rate limiting, and input validation.
- Work closely with the Senior Security Architect to align cloud and application security with overarching security standards.
- Partner with engineering, DevOps, and product teams to embed security into the SDLC and cloud infrastructure.
- Educate development teams on secure coding, application security testing, and cloud security best practices.
We’re excited about you because…
- You have 7+ years of experience in cloud security, DevSecOps, or application security, with a focus on AWS.
- You are an expert in AWS security services such as GuardDuty, Security Hub, Inspector, IAM, KMS, and AWS Organizations.
- You have deep experience with Infrastructure as Code (IaC), including Terraform and CloudFormation, to enforce security at scale.
- You have a strong understanding of application security principles, including OWASP Top 10, SAST, DAST, and secure SDLC methodologies.
- You are proficient in DevSecOps tooling, such as SAST, DAST, SCA, IAST, and container security scanning tools.
- You have expert-level AWS knowledge: VPC design, IAM, KMS, EKS, Lambda, and AWS Organizations.
- You have experience securing APIs, microservices, and serverless functions, ensuring proper authentication and authorization.
- You are a proactive problem solver, able to diagnose security challenges across both cloud and application layers.
- You have excellent communication and collaboration skills, allowing you to effectively advise engineering and product teams on security best practices.
Why you'll love working at Stitch Fix...
- We are a group of bright, kind people who are motivated by challenge. We value integrity, innovation and trust. You’ll bring these characteristics to life in everything you do at Stitch Fix.
- We cultivate a community of diverse perspectives: all voices are heard and valued.
- We are an innovative company and leverage our strengths in fashion and tech to disrupt the future of retail.
- We win as a team, commit to our work, and celebrate grit together because we value strong relationships.
- We boldly create the future while keeping equity and sustainability at the center of all that we do.
- We are the owners of our work and are energized by solving problems through a growth mindset lens. We think broadly and creatively through every situation to create meaningful impact.
- We offer comprehensive compensation packages and inclusive health and wellness benefits.
Compensation and Benefits
This role will receive a competitive salary, benefits, and equity. The salary for US-based employees hired into this role will be aligned with the range below, which includes our three geographic areas. A variety of factors are considered when determining someone's compensation, including a candidate's professional background, experience, location, and performance. This position is eligible for new hire and ongoing grants of restricted stock units depending on employee and company performance. In addition, the position is eligible for medical, dental, vision, and other benefits. Applicants should apply via our internal or external careers site.
This link leads to the machine readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.
Please review Stitch Fix's US Applicant Privacy Policy and Notice at Collection here: https://stitchfix.com/careers/workforce-applicant-privacy-policy
Recruiting Fraud Alert:
To all candidates: your personal information and online safety are top of mind for us. At Stitch Fix, recruiters only direct candidates to apply through our official career pages at https://www.stitchfix.com/careers/jobs or https://web.fountain.com/c/stitch-fix.
Recruiters will never request payments, ask for financial account information or sensitive information like social security numbers. If you are unsure if a message is from Stitch Fix, please email careers@stitchfix.com.
You can read more about Recruiting Scam Awareness on our FAQ page here: https://support.stitchfix.com/hc/en-us/articles/1500007169402-Recruiting-Scam-Awareness
Tags: APIs Application security Automation AWS C CI/CD Cloud Compliance DAST DevOps DevSecOps IAM IAST Incident response Lambda Microservices Monitoring NIST OWASP Privacy SAST SDLC Terraform Threat detection Vulnerabilities
Perks/benefits: Career development Competitive pay Equity / stock options Health care Transparency Wellness