Principal Security Engineer - Vulnerability Management

About the Team

We are a team of collaborative, empathetic, and passionate security practitioners with diverse backgrounds and expertise spanning Vulnerability Management, Incident Response, Security Operations, and DevSecOps. Our mission is to prioritize security in everything we do while enabling the business and fostering seamless collaboration with our partners—reducing friction, not creating it.

Our team members have a high degree of autonomy in ensuring Stitch Fix remains secure. The ideal candidate will have strong communication skills and thrive both independently and as part of a highly distributed engineering team.

We’re seeking individuals who prioritize usable security and are passionate about security and automation. As Stitch Fix continues to grow rapidly, our security program must scale alongside it—balancing robust protection with the flexibility to support innovation. 

About the Role

At Stitch Fix, we operate in a cloud-first environment and are seeking an Vulnerability Management Engineer to lead security initiatives and own the VM program. This role will focus on Vulnerability management, implementing best practices across infrastructure, network security, and cloud environments, as well as ensuring compliance and policy adherence. This role is part of the Security Team and collaborates closely with Platform and Development teams. The ideal candidate should have extensive experience in Vulnerability Management, container technologies, and deployment and integration patterns within a production AWS environment.

You're excited about this opportunity because you will…

• Collaborate to develop innovative security solutions, leveraging the right tools while contributing to design and architecture across multiple systems. You're eager to expand your expertise and help us integrate new technologies. This is a team where learning is mutual—you’ll learn from us, and we’ll learn from you. Most importantly, you are deeply committed to protecting our clients and employees from threats.
• Work closely with the team to develop effective solutions, leveraging the right tools while contributing to design and architecture across multiple systems. You're eager to expand your expertise and help us integrate new technologies. This is a team where learning is mutual—you’ll learn from us, and we’ll learn from you. Most importantly, you are committed to delivering a seamless and impactful experience.
• Be the first to step in, tackle challenges head-on, and do what it takes to protect and secure our organization.
• Ensure that technology solutions address real business challenges. Your insights are valued by both team members and business partners, who look to you for guidance on how our security initiatives should function. You're not afraid to ask tough questions, challenge assumptions, and engage with customers, stakeholders, and executives to drive meaningful outcomes.

We’re excited about you because…

You have broad skills building, deploying, and maintaining security services in an organization, and serving as the Subject Matter Expert for Vulnerability Management and cloud security. Additionally you have the following experience:

• 6+ years of experience in Security, preferably in an Vulnerability Management or similar role (Code defects, dependencies, containers, risk of exposure and exploitability).
• Experience leading and assisting with Vulnerability remediation, documentation, and leading remediation efforts in close collabora