Principal Engineer (Security Engineering)

Stitch Fix • Posted November 12th

Software Development

Stitch Fix is looking for a Principal Software Engineer to help secure our platforms and lead the development of advanced security tools to protect and safeguard the organization.

The individual in this role will be part of the Security Engineering Team and work closely with the various Platform teams at Stitch Fix in order to build security technologies. In addition, the individual will step in and contribute their technical expertise in areas like Application Security Engineering and Infrastructure Security. The candidate should have strong experience with building software in a production cloud environment using modern design paradigms like infrastructure-as-code (IaC). 

We’re looking specifically for folks who are interested in building security features with empathy and a partnership-driven approach. We rely on automation where possible, and strive to make our work well understood by the technical organizations we interface with. Stitch Fix is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.

Skills we are looking for are broad - building, deploying, and maintaining applications and services in an organization. We are open to software engineers, SREs, Platform engineers, and others without traditional security titles. We are looking for a mix of the following skills, and don’t expect candidates to be experts in all.


  • Strong experience with various languages and frameworks (preferably Ruby on Rails)
  • Strong experience with leading cross-functional technical initiatives with partner groups (Engineering, Data Science, Product, etc.)
  • Written / verbal communication skills - producing technical / architectural documentation and best practice guidance
  • Experience performing architecture reviews
  • Deep experience with building applications and implementing AWS native tooling to solve problems, and implementing monitoring & observability. 


  • Understanding of common software vulnerabilities in code and application infrastructure
  • Experience performing security-focused design and architecture reviews