Senior Application Security Engineer

Nordstrom

Quick summary

Work type: On-site
Location: Seattle, WA
Salary: $141,000–$258,000 / yr
Posted: 3 days ago
Nearby: 99+ roles within 25 mi

Market check

Salary context

Above market

How this pay compares to similar roles

Similar $180k

This role $200k

$120k most similar roles pay here $273k

This role pays more than 69% of similar roles. Most pay $152,150–$206,900 — the shaded band above. At the midpoint, this role pays about $200k versus about $180k for comparable roles.

Based on 240 similar postings.

Employer

About Nordstrom

Nordstrom is a leading American luxury department store chain offering a wide selection of clothing, shoes, accessories, and beauty products through its stores, Nordstrom Rack outlets, and online. Industry: Luxury Department Store Retail

Nordstrom currently has 37 open roles on FindRole.

Listed pay typically runs $142,000–$258,000 across 37 roles with salary data.

Most-posted roles

View all roles at Nordstrom

At a glance

TL;DR · Senior Application Security Engineer

Role Posting Log in to save

As a Senior Application Security Engineer at Nordstrom, you will join the newly established Application Security team and work closely with product engineering and DevOps to build secure-by-default patterns and tooling for web, mobile, and API ecosystems. Your responsibilities include owning the AppSec tool stack (SAST, SCA, secrets scanning, DAST), automating security tasks, and partnering with other security teams to mentor engineers and raise the application security bar across the organization. Ideal candidates have 4+ years of experience in application security or a related field, expertise in threat modeling and manual code review, and hands-on fluency using AI for real security work. Proficiency in languages like Java, Kotlin, C#, or Python is required, along with knowledge of cloud-native, container, and serverless security practices.

Skills

Python Java Kubernetes AWS GCP Azure CI/CD SAST SCA Docker LLM GitHub_Advanced_Security JFrog_Artifactory

What you'll do

Build secure-by-default patterns and tooling for teams to integrate into their pipelines.
Own and optimize the application security tool stack for minimal noise and maximum signal.
Automate routine security tasks, reserving manual review for complex issues requiring judgment.
Mentor engineers and collaborate with other security teams to enhance overall app security.
Use AI effectively in security work while maintaining critical judgment on verification needs.

What we're looking for

4+ years of experience in application security or secure software development.
Expertise in threat modeling, security design review, and manual code review.
Proficiency in programming languages such as Java, Kotlin, C#, or Python.
Hands-on experience with cloud-native, container, and serverless security.
Fluency using AI for security work with judgment on trustworthiness.
Knowledge of how large language models (LLM) and agents can fail.