Nordstrom’s Attack Surface Management team works to improve the security posture of Nordstrom by identifying, assessing, and reporting on vulnerabilities as well as participating in the triage process for critical response activities. In this role, you will have the opportunity to support Nordstrom and its customers by empowering Engineering teams with the information necessary to understand and remediate findings, helping facilitate compliance with regulatory requirements, and bringing visibility and actionable information to a dynamic threat environment.
A day in the life…
· Collaborate with security partners, engineering peers, technical teams, management, and other stakeholders on vulnerability scanning, analysis, prioritization, and triage activities.
· Identify and track the status of vulnerability remediation efforts, by analyzing findings, impact, and likelihood of attack.
· Participate in the care, feeding, and growth of a vulnerability tooling and reporting ecosystem by developing integrations and customizations.
· Assist with the triage of critical vulnerability findings alongside partner teams and stakeholders.
· Research vulnerabilities and provide technical remediation guidance to teams, ensuring adherence to standards and compliance with regulations.
· Evaluate potential false positives and other exception scenarios.
· Stay up to date with the latest vulnerability intel on zero-day exploits, ensuring successful remediation of time-sensitive vulnerabilities.
· Support a team rotation to respond to new requests and questions from remediation teams.
· Support regulatory- and compliance-related activities, including scanning and reporting for PCI and SOC2, identity and access management, internal security standards, and secure architecture.
· Craft communications, reports, and dashboards for vulnerabilities, risks, and recommended mitigation strategies.
You own this if you have…
· 4+ years of industry experience in cyber security or related field
· A bachelor’s or master’s degree in related discipline, or equivalent working experience
· Experience with network, cloud and application vulnerability identification solutions, ex: Qualys, Rapid7, WhiteHat, Netsparker, Snyk, Amazon Inspector, Prisma Cloud
· A curious mindset for learning and willingness to identify and implement improvements
· Excellent communication skills and ability to influence outcomes
· Working knowledge of regulatory and compliance requirements, ex: PCI DSS
· Experience with risk assessment methodologies, vulnerability attack methods, exploit results, attack chains, and standard scoring models such as CVSS
· Familiarity with cloud computing technologies and platforms, ex: containerization, Amazon Web Services, Google Cloud Provider, Azure
· Exposure to application security controls pertaining to CI/CD pipeline, ex: dependency scanning, source code scanning
· Background in software development, system administration, and / or process automation using Python, PowerShell, Bash
#LI-Hybrid
We’ve got you covered…
Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:
A few more important points...
The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.
Nordstrom will consider qualified applicants with criminal histories in a manner consistent with all legal requirements.
Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com.
Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.
Pay Range Details
The pay range(s) below are provided in compliance with state specific laws. Pay ranges may be different in other locations.
Washington: $121,500-$188,500 annually This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_16.pdf