Network Security Engineer

Are you passionate about securing the infrastructure that powers one of retail's most iconic brands? Nordstrom is on a journey to modernize and fortify the systems that connect our employees, partners, and customers across 400+ locations and multi-cloud environments. To support that mission, we are hiring a Senior Network Security Engineer to join our NIO organization.

You will be part of a team of highly skilled security and infrastructure professionals responsible for designing, operating, and automating the network security controls that protect Nordstrom's enterprise. The ideal candidate thinks in automation first, understands how networks actually work, and brings deep expertise in cloud security, identity, and access. You will partner closely with engineers, architects, and platform teams to execute on both strategic and day-to-day security goals.

A Day in the Life

• Design, deploy, and operate network security controls across enterprise, cloud (AWS, Azure, Google Cloud Platform), and retail edge environments
• Implement and maintain zero-trust network access (ZTNA) policies, microsegmentation, and perimeter security using tools like Zscaler, Palo Alto Networks, and cloud-native NGFWs
• Build and maintain automation pipelines for security policy management, firewall rule lifecycle, and compliance validation - treating infrastructure as code
• Collaborate with cloud, platform, and application teams to integrate security at the network layer without blocking delivery velocity
• Serve as a subject matter expert for authentication and authorization frameworks: 802.1X, EAP-TLS, RADIClearPass, certificate management, and IAM integrations
• Monitor, triage, and respond to network security events; drive root cause analysis and long-term remediation
• Author engineering documentation, threat models, and security runbooks; contribute to architecture reviews
• Mentor engineers across the NIO organization on security best practices and automation patterns
• Participate in on-call rotation for critical security infrastructure

• You approach every problem with an automation-first mindset - if you're doing something twice, you're already writing the script
• You understand the network well enough to implement security without needing a network engineer in the room - you can read a routing table, troubleshoot a VLAN, and reason about traffic flows
• You've operated security in cloud environments and understand how AWS Security Groups, Azure NSGs, cloud NGFW, and service mesh fit into a layered defense model
• Authentication and authorization are not just checkboxes to you - you have strong opinions about certificate lifecycles, EAP methods, and identity-aware policy enforcement
• You communicate clearly with both engineers and executives, translating complex security posture into business risk
• You thrive in ambiguity, work with urgency during incidents, and bring calm, structured thinking under pressure
• Passionate about continuous improvement and raising the security bar across teams you work with, * Bachelor's or master's degree in Computer Science, Engineering, Cybersecurity, or equivalent education and experience
• 7+ years of progressive enterprise security engineering experience with demonstrated depth in network security domains
• Hands-on experience with cloud security architecture across two or more major cloud platforms (AWS, Azure, Google Cloud Platform, OCI) - including cloud NGFW, VPC security controls, and private connectivity patterns
• Strong automation and IaC experience: Python, Terraform, Ansible, or equivalent - you write production-grade automation, not one-off scripts
• Deep expertise in network security technologies: next-gen firewalls (Palo Alto), ZTNA/SWG (Zscaler), IDS/IPS, and DDoS mitigation
• Strong working knowledge of authentication and authorization: 802.1X, EAP-TLS, RADIUS, ClearPass/ISE, SAML, OAuth, and PKI/certificate management
• Solid foundational network knowledge: TCP/IP, BGP, SD-WAN concepts, VLAN segmentation, DNS, and routing protocols - enough to own security outcomes independently
• Experience with security policy-as-code, CI/CD pipelines for network security changes, and GitOps workflows
• Effective written and verbal communication; able to produce clear RCAs, architecture docs, and executive summaries

Nice to Have

• Experience with Versa SD-WAN security policy, Juniper Mist access policy, or Fastly/edge security controls
• Familiarity with SIEM platforms, SOAR workflows, or security data pipelines (e.g., New Relic, Splunk)
• Relevant certifications: PCNSE, CCNP Security, AWS/Azure Security Specialty, CISSP, or equivalent
• Retail or high-velocity e-commerce security experience

Our employees are our most important asset and that's reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

• Medical/Vision, Dental, Retirement and Paid Time Away
• Life Insurance and Disability
• Merchandise Discount and EAP Resources

A few more important points..., The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience. $142,000.00 - $220,500.00 Annual

This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: _Overview_17-19.pdf