Senior Attack Surface Analyst

Nordstrom

Hybrid

Quick summary

Work type: Hybrid
Location: Seattle, WA
Salary: $166,000–$258,000 / yr
Posted: 5 days ago
Nearby: 99+ roles within 25 mi

Market check

Salary context

Above market

How this pay compares to similar roles

Similar $176k

This role $212k

$121k most similar roles pay here $273k

This role pays more than 79% of similar roles. Most pay $142,400–$209,150 — the shaded band above. At the midpoint, this role pays about $212k versus about $176k for comparable roles.

Based on 239 similar postings.

Employer

About Nordstrom

Nordstrom is a leading American luxury department store chain offering a wide selection of clothing, shoes, accessories, and beauty products through its stores, Nordstrom Rack outlets, and online. Industry: Luxury Department Store Retail

Nordstrom currently has 37 open roles on FindRole.

Listed pay typically runs $142,000–$258,000 across 37 roles with salary data.

Most-posted roles

View all roles at Nordstrom

At a glance

TL;DR · Senior Attack Surface Analyst

Role Posting Log in to save

As a Senior Attack Surface Analyst at Nordstrom, you will lead the expansion of the attack surface management program within a dynamic cybersecurity team. Your daily responsibilities include identifying and assessing high-risk exposures, collaborating with technology partners to prioritize risk and execute remediation activities, and automating processes to enhance security. You will maintain Cybersecurity Standards and runbooks while ensuring secure-by-design practices are integrated into software development through collaboration with AppSec and DevOps teams. Utilizing scripting languages like Python and PowerShell for automation, you will leverage your deep knowledge of the MITRE ATT&CK framework and cloud security controls in a multi-cloud environment to drive data-driven initiatives that reduce vulnerabilities across Nordstrom’s technology landscape. This role demands expertise in networking, system administration, and compliance with regulatory requirements such as PCI, alongside strong leadership and communication skills to mentor team members and present metrics for operational efficiency.

Skills

Python PowerShell MITRE ATT&CK PCI AWS Azure GCP Terraform Kubernetes Docker CI/CD Prometheus Grafana PostgreSQL MSSQL Linux Windows Server Network Security System Administration Asset Management

What you'll do

Lead growth and implementation of attack surface management solutions to enhance visibility into exposures.
Drive continuous improvements in processes, methodologies, and security toolsets for operational effectiveness.
Maintain cybersecurity standards and runbooks for attack surface management.
Secure deployments by integrating security best practices with AppSec, DevOps, and cloud platform teams.
Conduct regular assessments and leverage dark web monitoring to maintain a map of Nordstrom’s attack surface.
Champion architectural changes that reduce vulnerabilities and exposures across technologies.
Develop metrics to measure operational efficiency and risk in attack surface management.

What we're looking for

6+ years experience in security operations or offensive security roles, including senior-level responsibilities.
Deep knowledge of MITRE ATT&CK framework and threat actor tactics, techniques, and procedures (TTPs).
Expertise in implementing cloud security controls across multi-cloud environments.
Proficiency in enterprise IT architecture principles and scripting languages for automation.
Advanced understanding of networking, system administration, asset management, and cybersecurity principles.
Strong leadership skills and ability to communicate effectively with technical teams.

Similar roles

Senior Security Engineer, Threat Intelligence & Detection Engineering

Nordstrom

Seattle, WA 23 days ago $142,000–$220,500

CrowdStrike MITRE ATT&CK Python PowerShell SIEM EDR LogScale/CQL MISP ThreatConnect Recorded Future STIX/TAXII Git CI/CD Azure AWS SOAR Docker

Hybrid

Save

Senior Principal Engineer, Cybersecurity

Nordstrom

Seattle, WA 32 days ago $200,500–$332,000

AWS Azure GCP Kubernetes Terraform Python Go Java DevSecOps SABSA O-ESA TOGAF SIEM SOAR XDR Zero Trust architecture AI/ML security Infrastructure as Code Container orchestration security

Hybrid

Save

Distinguished Engineer, Exposure Management

CVS Health

Remote (Scottsdale, AZ) 11 days ago $175,100–$334,750

Python Kubernetes Terraform Docker CI/CD Prometheus Grafana PostgreSQL AWS Azure GenAI LLM CTI MITRE ATT&CK ServiceNow Jira GitOps HITRUST CSF NIST CSF PCI DSS SEC cyber-incident disclosure rule CI/CD pipelines Data Lakehouse Graph Databases Semantic Layers Federated Query XM Cyber Wiz Security Graph Tenable One MDS2 SBOM

Remote

Save

Senior Applied Threat Intelligence Analyst, Microsoft Security Threat Response

Microsoft

Redmond, WA 11 days ago $119,800–$234,700

Microsoft Sentinel Microsoft Defender XDR MITRE ATT&CK KQL SQL Python PowerShell C# C++ OS internals network protocols reverse engineering malware analysis Cyber Kill Chain Diamond Model

Save

Lead Security Assessment Engineer

Nordstrom

Seattle, WA 5 days ago $166,000–$258,000

AI CI/CD Kubernetes Docker Python PostgreSQL AWS Azure GCP Terraform GitLab Jenkins Swagger/OpenAPI OAuth SAML OWASP Top Ten NIST Cybersecurity Framework ISO 27001

Hybrid

Save

Senior Offensive Security Engineer

Chime

San Francisco, CA 30 days ago

Kubernetes Python Go Docker CI/CD AWS Azure GCP PostgreSQL Linux Git GitHub Jenkins Splunk Terraform Ansible Nmap Metasploit Wireshark OWASP Top Ten

Hybrid

Save