About The Position

At Stitch Fix, we operate in a cloud-first environment and are seeking a Vulnerability Management Engineer to lead security initiatives and own the VM program. This role will focus on vulnerability management, implementing best practices across infrastructure, network security, and cloud environments, as well as ensuring compliance and policy adherence. This role is part of the Security Team and collaborates closely with Platform and Development teams. The ideal candidate should have extensive experience in vulnerability management, container technologies, and deployment and integration patterns within a production AWS environment.

Requirements

  • 6+ years of experience in Security, preferably in a Vulnerability Management or similar role (code defects, dependencies, containers, risk of exposure and exploitability).
  • Experience leading and assisting with Vulnerability remediation, documentation, and leading remediation efforts in close collaboration with the org.
  • Proficient with the vulnerability management lifecycle and hands-on involvement in orchestrating automated solutions.
  • Understanding of common risks, attack techniques, and exploitability, such as supply chain attacks.
  • Intermediate to advanced knowledge of APT groups and TTPs (Tactics, Techniques, and Procedures).
  • AWS experience is required; familiarity and high degree of proficiency with AWS services (e.g., Route53, IAM, Security Groups, SNS, S3, Lambda, CloudWatch, CloudTrail).
  • Hands-on experience with AWS environments, particularly in a security context; familiarity with AWS security services (e.g., Security Hub, GuardDuty, Macie).
  • Hands-on working knowledge of Infrastructure as Code (IaC) concepts and tools such as Terraform and Docker.
  • Understand the use of CI/CD pipelines and their role in a security context.
  • Experience optimizing and integrating solutions (e.g., Jira, JupiterOne, Palo Alto Prisma).
  • Ability to interpret findings based on CVSS and proprietary scoring, and escalate potential security threats and findings to various stakeholders.
  • Proficient with scripting languages such as Python, developing automation and security workflows.
  • Proficient with infrastructure as code in Terraform, Pulumi, or CloudFormation.
  • Ability to follow established security procedures and lead remediation efforts.
  • Strong written communication skills for security documentation and reporting.
  • Ability to collaborate with cross-functional teams and assist in security investigations.
  • Knowledge of common development practices and tools, and how they apply in a security context.
  • Eager and willing to learn and develop new skills in security automation and cloud security.
  • Have the ability and experience to mentor and develop junior team members, fostering growth within the team.

Responsibilities

  • Collaborate to develop innovative security solutions, leveraging the right tools while contributing to design and architecture across multiple systems.
  • Work closely with the team to develop effective solutions, leveraging the right tools while contributing to design and architecture across multiple systems.
  • Be the first to step in, tackle challenges head-on, and do what it takes to protect and secure our organization.
  • Ensure that technology solutions address real business challenges.

Benefits

  • We offer comprehensive compensation packages and inclusive health and wellness benefits.
  • This role will receive a competitive salary, benefits, and equity.
  • This position is eligible for an annual bonus, and new hire and ongoing grants of restricted stock units, depending on employee and company performance.
  • In addition, the position is eligible for medical, dental, vision, and other benefits.