Note: The job is a remote job and is open to candidates in USA. Nordstrom is building a new Application Security team, built on a simple idea: teams shouldn’t have to choose between moving fast and shipping securely. As a Senior Application Security Engineer, you will build the tooling and secure defaults that protect our web, mobile, and API ecosystem, and collaborate closely with product engineering and DevOps teams.
Responsibilities
- Build secure-by-default patterns and paved-road tooling so teams get security built into the pipelines and frameworks they already use
- Own the AppSec tooling stack (SAST, SCA, secrets scanning, DAST), tune it for signal over noise, and route findings into where engineers already work
- Automate the security work that doesn’t need human judgment, and save manual review for the work that does
- Partner with our security teams, mentor engineers and champions, and raise the application security bar across the org
Skills
- 4+ years in application security, secure software development, or a closely related field, with a bachelor's or master's in Computer Science, Information Security, Cybersecurity, or a related field, or equivalent experience
- A track record shipping security tooling, automation, or reusable patterns, not just operating off-the-shelf tools
- Expert-level threat modeling, security design review, and manual code review, with deep knowledge of application and API vulnerability classes and how to design them out
- Fluent enough to read and write code in languages like Java, Kotlin, C#, or Python
- Hands-on fluency using AI to accelerate real security work, with judgment about where to trust it and where to verify
- Working knowledge of how LLM and agent features fail, including prompt injection, unsafe tool and permission use, and data leakage through model outputs
- Cloud-native, container, and serverless security (AWS, GCP, Azure, Kubernetes)
- Hands-on with GitHub Advanced Security and JFrog Artifactory, or similar
- Offensive security experience
- Vulnerability disclosure or bug bounty program experience
- Production software engineering background
- Certifications such as CSSLP, CISSP, OSWA, OSWE, GWAPT, or GMOB
Benefits
- Medical/Vision, Dental, Retirement and Paid Time Away
- Life Insurance and Disability
- Merchandise Discount and EAP Resources
- This position may be eligible for performance-based incentives/bonuses.
- Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment.
Company Overview
Company H1B Sponsorship