Senior Application Security Engineer
Job description
Nordstrom is building a new Application Security team, built on a simple idea: teams shouldn't have to choose between moving fast and shipping securely. As one of the first hires, you'll build the tooling and secure defaults that protect our web, mobile, and API ecosystem, do the deep work tooling can't, and help shape how we build with AI. You'll report to the Senior Manager of Application Security and partner closely with product engineering and DevOps, alongside our security peers in pentest, attack surface management, and platform.
A Day in the Life
- Build secure-by-default patterns and paved-road tooling so teams get security built into the pipelines and frameworks they already use
- Own the AppSec tooling stack (SAST, SCA, secrets scanning, DAST), tune it for signal over noise, and route findings into where engineers already work
- Automate the security work that doesn't need human judgment, and save manual review for the work that does
- Partner with our security teams, mentor engineers and champions, and raise the application security bar across the org
More About You
- You'd rather build the guardrail than write the policy, and you've shipped tooling that changed how other engineers work
- You go looking for the problems worth solving and own them end to end
- You're the security person other teams want in the room, because you explain risk clearly, respect how teams work, and help them find a fix that fits
- You think in risk, not severity scores. You know the difference between a finding that's exploitable in our context and one that just looks scary, and you prioritize accordingly
Requirements
- 4+ years in application security, secure software development, or a closely related field, with a bachelor's or master's in Computer Science, Information Security, Cybersecurity, or a related field, or equivalent experience
- A track record shipping security tooling, automation, or reusable patterns, not just operating off-the-shelf tools
- Expert-level threat modeling, security design review, and manual code review, with deep knowledge of application and API vulnerability classes and how to design them out
- Fluent enough to read and write code in languages like Java, Kotlin, C#, or Python
- Hands-on fluency using AI to accelerate real security work, with judgment about where to trust it and where to verify
- Working knowledge of how LLM and agent features fail, including prompt injection, unsafe tool and permission use, and data leakage through model outputs
- Cloud-native, container, and serverless security (AWS, Google Cloud Platform, Azure, Kubernetes)
Nice to Have
- Hands-on with GitHub Advanced Security and JFrog Artifactory, or similar
- Offensive security experience
- Vulnerability disclosure or bug bounty program experience
- Production software engineering background
- Certifications such as CSSLP, CISSP, OSWA, OSWE, GWAPT, or GMOB
Benefits & conditions
The pay range(s) below has been provided in compliance with state-specific laws. Pay ranges may be different for other locations. Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience. California: $141,000-$258,000, Colorado: $141,000-$219,500, Connecticut: $141,000-$258,000, Delaware: $141,000-$219,500, Hawaii: $141,000-$219,500, Illinois: $141,000-$219,500, Maine: $141,000-$219,500, Maryland: $141,000-$258,000, Massachusetts: $141,000-$258,000, Minnesota: $141,000-$219,500, Nevada: $141,000-$219,500, New Jersey: $141,000-$258,000, New York: $141,000-$258,000, Rhode Island: $141,000-$219,500, Virginia: $141,000-$258,500, Washington: $141,000-$258,500, Washington DC: $166,000-$258,000
We've got you covered...
Our employees are our most important asset and that's reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:
- Medical/Vision, Dental, Retirement and Paid Time Away
- Life Insurance and Disability
- Merchandise Discount and EAP Resources
This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: _Overview_17-19.pdf