Cloud Security Engineer

Summary

Join Stitch Fix's Security Architecture team as a Senior Cloud Security Engineer and play a critical role in securing AWS cloud environments, microservices, containers, and serverless architectures. You will design secure cloud and application architectures, integrate security automation into CI/CD pipelines, and work with engineering and product teams to mitigate application security risks. This role requires expertise in cloud security architecture, DevSecOps automation, and application security best practices. You will leverage AWS services like GuardDuty, Security Hub, and Inspector, and develop secure IaC templates. The position offers a competitive salary, benefits, and equity, including restricted stock units and comprehensive health and wellness benefits.

Requirements

• 7+ years of experience in cloud security, DevSecOps, or application security, with a focus on AWS
• Expert in AWS security services such as GuardDuty, Security Hub, Inspector, IAM, KMS, and AWS Organizations
• Deep experience with Infrastructure as Code (IaC), including Terraform and CloudFormation, to enforce security at scale
• Strong understanding of application security principles, including OWASP Top 10, SAST, DAST, and secure SDLC methodologies
• Proficient in DevSecOps tooling, such as SAST, DAST, SCA, IAST, and container security scanning tools
• Expert-level AWS knowledge: VPC design, IAM, KMS, EKS, Lambda, AWS Organizations
• Experience securing APIs, microservices, and serverless functions, ensuring proper authentication and authorization
• Proactive problem solver, able to diagnose security challenges across both cloud and application layers
• Excellent communication and collaboration skills, allowing you to effectively advise engineering and product teams on security best practices

Responsibilities

• Design secure cloud and application architectures, ensuring security is embedded in both infrastructure and software development
• Integrate security automation into CI/CD pipelines and enforcing secure coding practices
• Work with engineering and product teams to proactively mitigate application security risks
• Design and manage AWS multi-account environments, ensuring minimal attack surface and robust logging/monitoring
• Implement AWS security best practices, leveraging services like GuardDuty, Security Hub, Inspector, and custom Lambda scripts for continuous threat detection
• Develop secure IaC templates (Terraform/CloudFormation) to enforce consistent security configurations
• Automate security controls to detect misconfigurations, vulnerabilities, and compliance violations (CIS, NIST, PCI-DSS)
• Integrate application security testing (SAST, DAST, SCA, IAST) into CI/CD pipelines to detect vulnerabilities early
• Define secure coding guidelines and collaborate with engineering teams to ensure adherence
• Conduct threat modeling and secure code reviews to proactively mitigate application security risks
• Enforce API security best practices, including OAuth, JWT, rate limiting, and input validation
• Work closely with the Senior Security Architect to align cloud and application security with overarching security standards
• Partner with engineering, DevOps, and product teams to embed security into the SDLC and cloud infrastructure
• Educate development teams on secure coding, application security testing, and cloud security best practices

Benefits

• Competitive salary
• Benefits
• Equity
• Restricted stock units (depending on employee and company performance)
• Medical, dental, vision, and other benefits