Senior Application Security Engineer
Job in
Seattle, King County, Washington, 98127, USA
Listed on 2026-06-28
Listing for:
Nordstrom Inc
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity
Job Description & How to Apply Below
Job Description
Senior Application Security Engineer
Nordstrom is building a new Application Security team, built on a simple idea: teams shouldn’t have to choose between moving fast and shipping securely. As one of the first hires, you’ll build the tooling and secure defaults that protect our web, mobile, and API ecosystem, do the deep work tooling can’t, and help shape how we build with AI. You’ll report to the Senior Manager of Application Security and partner closely with product engineering and DevOps, alongside our security peers in pentest, attack surface management, and platform.
A Day in the Life
- Build secure‑by‑default patterns and paved‑road tooling so teams get security built into the pipelines and frameworks they already use
- Own the AppSec tooling stack (SAST, SCA, secrets scanning, DAST), tune it for signal over noise, and route findings into where engineers already work
- Automate the security work that doesn’t need human judgment, and save manual review for the work that does
- Partner with our security teams, mentor engineers and champions, and raise the application security bar across the org
- You’d rather build the guardrail than write the policy, and you’ve shipped tooling that changed how other engineers work
- You go looking for the problems worth solving and own them end to end
- You’re the security person other teams want in the room, because you explain risk clearly, respect how teams work, and help them find a fix that fits
- You think in risk, not severity scores. You know the difference between a finding that’s exploitable in our context and one that just looks scary, and you prioritize accordingly
- 4+ years in application security, secure software development, or a closely related field, with a bachelor’s or master’s in Computer Science, Information Security, Cybersecurity, or a related field, or equivalent experience
- A track record shipping security tooling, automation, or reusable patterns, not just operating off‑the‑shelf tools
- Expert‑level threat modeling, security design review, and manual code review, with deep knowledge of application and API vulnerability classes and how to design them out
- Fluent enough to read and write code in languages like Java, Kotlin, C#, or Python
- Hands‑on fluency using AI to accelerate real security work, with judgment about where to trust it and where to verify
- Working knowledge of how LLM and agent features fail, including prompt injection, unsafe tool and permission use, and data leakage through model outputs
- Cloud‑native, container, and serverless security (AWS, GCP, Azure, Kubernetes)
- Hands‑on with GitHub Advanced Security and JFrog Artifactory, or similar
- Offensive security experience (Nice to Have)
- Vulnerability disclosure or bug bounty program experience (Nice to Have)
- Production software engineering background (Nice to Have)
- Certifications such as CSSLP, CISSP, OSWA, OSWE, GWAPT, or GMOB (Nice to Have)
- California: $141,000-$258,000
- Colorado: $141,000-$219,500
- Connecticut: $141,000-$258,000
- Delaware: $141,000-$219,500
- Hawaii: $141,000-$219,500
- Illinois: $141,000-$219,500
- Maine: $141,000-$219,500
- Maryland: $141,000-$258,000
- Massachusetts: $141,000-$258,000
- Minnesota: $141,000-$219,500
- Nevada: $141,000-$219,500
- New Jersey: $141,000-$258,000
- New York: $141,000-$258,000
- Rhode Island: $141,000-$219,500
- Virginia: $141,000-$258,500
- Washington: $141,000-$258,500
- Washington DC: $166,000-$258,000
- Medical/Vision, Dental, Retirement and Paid Time Away, Life Insurance and Disability, Merchandise Discount and EAP Resources
- 401k
- Medical/vision/dental/life/disability insurance options
- PTO accruals and Holidays
- Eligibility requirements may apply based on location, job level, classification, and length of employment
This position may be eligible for performance‑based incentives/bonuses.
Legal Notices
- For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance.
- Additional state and location specific notices are available in the Legal Notices document within the FAQ section of the Nordstrom Careers site.
- Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location.
Position Requirements
10+ Years work experience