Principal Cyber Security Incident Response Engineer (DFIR)

About the Team

We are a team of collaborative, empathetic, and passionate security practitioners with diverse backgrounds and expertise spanning Vulnerability Management, Incident Response, Security Operations, and DevSecOps. Our mission is to prioritize security in everything we do while enabling the business and fostering seamless collaboration with our partners—reducing friction, not creating it.

Our team members have a high degree of autonomy in ensuring Stitch Fix remains secure. The ideal candidate will have strong communication skills and thrive both independently and as part of a highly distributed engineering team.

We’re seeking individuals who prioritize usable security and are passionate about security and automation. As Stitch Fix continues to grow rapidly, our security program must scale alongside it—balancing robust protection with the flexibility to support innovation.

About the Role

At Stitch Fix, we operate in a cloud-first environment and are seeking a Principal Incident Response Engineer to lead security initiatives. This role will focus on incident response, implementing best practices across infrastructure, network security, and cloud environments, as well as ensuring compliance and policy adherence. This role is part of the Security Team and collaborates closely with Platform and Development teams. The ideal candidate should have extensive experience in Incident Response, container technologies, and deployment and integration patterns within a production AWS environment. 

You're excited about this opportunity because you will…

• Collaborate to develop innovative security solutions, leveraging the right tools while contributing to design and architecture across multiple systems. You're eager to expand your expertise and help us integrate new technologies. This is a team where learning is mutual—you’ll learn from us, and we’ll learn from you. Most importantly, you are deeply committed to protecting our clients and employees from threats.
• Work closely with the team to develop effective solutions, leveraging the right tools while contributing to design and architecture across multiple systems. You're eager to expand your expertise and help us integrate new technologies. You are committed to delivering a seamless and impactful experience.
• Design, deploy, and manage security services within an organization—while also acting as the go-to expert for incident response and cloud security.
• Be the first to step in, tackle challenges head-on, and do what it takes to protect and secure our organization.
• Ensure that technology solutions address real business challenges. Your insights are valued by both team members and business partners, who look to you for guidance on how our security initiatives should function. You're not afraid to ask tough questions, challenge assumptions, and engage with customers, stakeholders, and executives to drive meaningful outcomes.

We’re excited about you because you…

Have broad skills building, deploying, and maintaining security services in an organization, and serving as the Subject Matter Expert for incident response and cloud security. Additionally you have the following experience:

• 6+ years of experience in Security, preferably in an Incident Response or similar “first responder” role (Trust & Safety, Fraud, Account Protection, etc.).
• Experience leading and assisting with Security Incident analysis, documentation, and response coordination.
• Proficient with the cyber security incident lifecycle and hands on involvement in security event handling.
• Understanding of common adversarial tools, attack techniques, and Indicators of Compromise (IOCs).
• Intermediate to advanced knowledge of APT groups, TTPs (Tactics, Techniques, and Procedures).

Cloud & Infrastructure Security:

• AWS experience is required; familiarity and high degree of proficiency with AWS services (e.g., Route53, IAM, Security Groups, SNS, S3, Lambas, CloudWatch, Cloud Trail)   
• Hands-on experience with AWS environments, particularly in a security context; familiarity with AWS security services (e.g., Security Hub, GuardDuty, Macie).
• Hands on working knowledge of Infrastructure as Code (IaC) concepts and tools such as Terraform and Docker.
• Understand the use of CI/CD pipelines and their role in a security context.

Security Tools & Logging:

• Experience optimizing and integrating common logging solutions (e.g., Splunk, SumoLogic, Datadog).
• Ability to interpret logs, events and escalate potential security threats and findings
• Hands-on investigative and deployment experience with Endpoint Detection & Response (EDR) solutions like CrowdStrike.

Programming & Automation:

• Proficient with scripting languages (e.g., Python) developing automation and security workflows.

Soft Skills & Collaboration:

• Ability to follow established security procedures and lead incident response efforts.
• Strong written communication skills for security documentation and reporting.
• Ability to collaborate with cross-functional teams and assist in security investigations.

Development & Continuous Learning:

• Knowledge of common development practices, tools and how it applies in a security context.
• Eager and willing to learn and develop new skills in security automation and cloud security.
• Have the ability and experience to mentor and develop junior team members, fostering growth within the team.

Incident Commander Role → Act when called upon in the capacity of Incident Commander during security incidents

• • Ability to follow established investigative processes including management & escalation procedures while working with other senior team members during an incident; includes drafting a SITREP and driving post-mortems. 
  • Excel in engaging with cross-functional teams during an incident in parallel with  leading an active investigation and influencing favorable outcomes outside of security.
  • Poses the ability to stay calm “under pressure” while leading an incident to resolution in potential high-stress and time sensitive environments.

About the Technology

Technologies we rely on to pursue solutions to business problems include:

• Ruby on Rails
• Golang
• CircleCI
• Docker
• AWS Compute Resources
• Linux/Mac
• ZScaler
• HashiCorp Terraform
• Python
• Github
• Jira
• DataDog
• CrowdStrike
• Pagerduty

Whether you're already experienced with these tools or just getting started, you'll have the opportunity to deepen your expertise. If some of these tools are new to you, we’ll provide the support and resources you need to learn and become proficient.

Why you'll love working at Stitch Fix...

• We are a group of bright, kind people who are motivated by challenge. We value integrity, innovation and trust. You’ll bring these characteristics to life in everything you do at Stitch Fix.
• We cultivate a community of diverse perspectives— all voices are heard and valued.
• We are an innovative company and leverage our strengths in fashion and tech to disrupt the future of retail. 
• We win as a team, commit to our work, and celebrate grit together because we value strong relationships.
• We boldly create the future while keeping equity and sustainability at the center of all that we do. 
• We are the owners of our work and are energized by solving problems through a growth mindset lens. We think broadly and creatively through every situation to create meaningful impact.
• We offer comprehensive compensation packages and inclusive health and wellness benefits.