Senior Director, Head of Security Engineering

About SHEIN 

SHEIN is a global online fashion and lifestyle retailer, offering SHEIN branded apparel and products from a global network of vendors, all at affordable prices. Headquartered in Singapore, with more than 15,000 employees operating from offices around the world, SHEIN is committed to making the beauty of fashion accessible to all, promoting its industry-leading, on-demand production methodology, for a smarter, future-ready industry. 

Position Summary 

We are seeking a Head of Security Engineering to join our Security Engineering team based in Los Angeles, California.

SHEIN’s Global Security and Risk Management (GSRM) is a global security organization overseeing security infrastructure, risk management, data privacy, governance, and regulatory compliance.

The Head of Security Engineering is a senior executive responsible for the overall strategy, execution, and roadmaps of both security engineering/architecture and application security initiatives. This role leads integrated engineering, architecture, and secure development teams to design and deploy enterprise-scale security solutions. The leader must possess deep technical expertise across security domains – including cloud and network security, application security, identity and access management, and secure software development – as well as extensive experience with data protection, privacy, and compliance regulations.

Working closely with technology and business partners (such as development, operations, and product teams), the Head of Security Engineering ensures that security best practices are integrated into the technology environment and that all solutions are effectively implemented to protect SHEIN’s data and applications.

 Job Responsibilities 

• Oversee and mentor the security engineering and application security teams (including full-time employees, contractors, and service providers), managing all aspects of hiring, training, career development, and performance management. Build high-performing, collaborative teams that drive security initiatives and innovation.
• Direct the design, development, and management of enterprise security architectures across cloud, network, endpoint, and identity systems. Ensure that infrastructure and platform security solutions meet business needs and industry best practices. Provide leadership for security engineering projects from planning through deployment, including proof-of-concept evaluation, requirements analysis, solution design, implementation, and operational support.
• Lead the secure software development lifecycle (SDL) and application security efforts. Define and enforce secure coding standards and practices, and manage application security processes such as threat modeling, security code reviews, automated scanning (SAST/DAST), penetration testing, and vulnerability management. Collaborate with development and QA teams to identify and mitigate risks in SHEIN’s application portfolio.
• Develop and update comprehensive security strategies, roadmaps, policies, and standards that align with SHEIN’s business objectives and regulatory requirements. Advocate for and implement security best practices, frameworks, and standards (e.g., OWASP, NIST, ISO) across the organization. Ensure that security strategies account for emerging threats and evolving compliance obligations.
• Manage the security budget, forecasting, and resource planning. Oversee security vendor and technology roadmaps, making recommendations for new tools and services that enhance SHEIN’s security posture. Optimize resource allocation to balance cost and risk effectively.
• Collaborate with external stakeholders such as law enforcement, regulatory bodies, industry associations, and security working groups. Engage with these organizations to stay informed about threat intelligence, security standards, and best practices, and to ensure SHEIN’s security posture remains robust and up-to-date.
• Partner with business units, product owners, and engineering teams to embed security requirements into projects and products. Facilitate risk assessments, data protection analyses, and security reviews for new initiatives. Work with compliance teams to ensure solutions meet regulatory standards (e.g., GDPR, CCPA, PCI DSS).
• Establish credibility as a proactive, visionary security leader and change agent. Promote a culture of security awareness and accountability across the organization. Communicate security vision and strategy clearly to executive leadership and technical teams, driving consensus and alignment.
• Ensure the high availability, reliability, and efficiency of security services and tools. Define and monitor key performance metrics for security operations and application security programs. Ensure that service-level agreements and incident response objectives are met consistently.

 Job Requirements 

• 10+ years of professional experience in cybersecurity roles, with hands-on experience in application security, security engineering, and architecture. Includes substantial experience in cloud security, network security, endpoint security, and identity/access management. At least 5–8 years in leadership or management positions overseeing technical security teams.
• Bachelor’s or advanced degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field.
• Deep knowledge of secure software development practices and DevSecOps, including proficiency with CI/CD pipelines, programming languages, and security testing tools (e.g., SAST, DAST, vulnerability scanners). Strong understanding of security architectures and controls across networks, cloud platforms (AWS, Azure, etc.), and enterprise systems. Familiarity with identity and access management technologies and frameworks.
• Strong understanding of security frameworks, standards, and regulations (e.g., OWASP, NIST, ISO 27001, GDPR, CCPA, PCI DSS). Demonstrated ability to translate business and regulatory requirements into technical controls. Experience building or operating security programs in technology or e-commerce industries is highly desirable.
• Proven leadership and team-building skills. Demonstrated success mentoring and motivating diverse technical teams. Excellent verbal and written communication skills with the ability to explain complex security concepts to both technical and non-technical stakeholders. Strong interpersonal skills and the ability to influence and collaborate in a matrixed organization.
• Analytical Skills: Strong analytical and problem-solving abilities. Experience with threat modeling, security risk assessments, and developing metrics or dashboards for tracking application and infrastructure security. Familiarity with incident response strategies and playbooks is preferred.
• Strong business and financial acumen, including experience with budgeting and strategic planning. Ability to align security initiatives with business objectives and articulate the value and risks to leadership.
• High level of personal integrity and professionalism. Ability to handle confidential information with discretion. Adaptable to fast-paced, dynamic environments and able to drive change while maintaining attention to detail.

Nice to Have

• Relevant industry certifications (such as CISSP, CISM, CISA, or equivalent)
• Fluency in Mandarin

Benefits and Perks 

• Bonus and RSU eligible
• Healthcare (medical, dental, vision, prescription drugs) 
• Health Savings Account with Employer Funding 
• Flexible Spending Accounts (Healthcare and Dependent care) 
• Company-Paid Basic Life/AD&D insurance 
• Company-Paid Short-Term and Long-Term Disability 
• Voluntary Benefit Offerings (Voluntary Life/AD&D, Hospital Indemnity, Critical Illness, and Accident) 
• Employee Assistance Program 
• Business Travel Accident Insurance 
• 401(k) Savings Plan with discretionary company match and access to a financial advisor  
• Vacation, paid holidays, floating holiday and sick days   
• Employee discounts 
• Free weekly catered lunch 
• Dog-friendly office (available at select locations) 
• Free gym access (available at select locations) 
• Free swag giveaways 
• Annual Holiday Party 
• Invitations to pop-ups and other company events 
• Complimentary daily office snacks and beverages

#LI-YC1