Job Description
Nordstrom’s Computer Security & Incident Response Team (CSIRT) is a diverse team of security professionals that delivers a broad range of incident response services to monitor, identify, and respond to security events in an enterprise environment to protect Nordstrom’s customers, our employees, and our brands.
About the Role
As a CSIRT Senior Engineer, you will apply your security knowledge, technical expertise and communication skills to provide expert analysis, leadership, and guidance during incident response investigations. You will embrace new challenges with a positive attitude, identify and proactively resolve security issues with confidence, and display a curious mindset while learning new technologies or techniques. In addition to performing incident response, you will help to grow and improve Nordstrom’s security posture via cross-team collaboration.
To be successful in this position, you must be proficient with:
- Incident Response – You are highly effective at triaging and managing workstreams while working toward incident remediation.
- Leadership – You can function as a lead investigator and facilitate response involving multiple stakeholders under pressure while mentoring team members on nuances of incident response.
- Offensive Techniques – You are very familiar with the MITRE ATT&CK framework and real-world scenarios and use those inputs to effectively prioritize initiatives and remediations in the Nordstrom environment.
- Logs – You are comfortable in analyzing logs from SIEMs and other sources to identify anomalous activity, recreate incidents, correlate events, and hunt for threats.
- System Forensics – You have a deep understanding of image acquisition techniques, memory, host, file and browser forensics and familiarity with mentoring junior engineers on those techniques.
- Digital Fraud – You are familiar with common TTPs threat actors leverage.
- Networking and Identity Fundamentals – You understand TCP/IP Protocols, SSL/TLS, authentication protocols such as SAML and OAuth, and network analysis tools such as Wireshark or TCPDump, and leverage those skills to further the incident response.
- Automation – You are very capable of developing and/or modifying scripts to automate repetitive tasks and/or improve detection and response capabilities.
- Mentorship – You have experience and are comfortable developing other security engineers or analysts to produce positive outcomes and increase team capabilities.
- Security Strategy – You know how to develop or improve upon Security and Engineering standards, provide recruitment and retention recommendations, and drive improvements within the engineering community.
Minimum Qualifications
- Bachelor’s degree or equivalent experience
- 4+ years of IT experience, primarily focused on security and incident response activities
- At least one industry certification such as CISSP, CISA, CEH, GSEC, GCFE
- Strong ability to write scripts/code using Python, Bash, PowerShell, or equivalent
- Advanced knowledge of digital forensics including memory and dead-disk examinations of Windows, macOS, and Linux systems
- Proven ability to establish and foster close working relationships with partner teams, to include coordinating with other members of Information Technology to plan for future security requirements
- Advanced knowledge of security best practices and technologies with an emphasis on current technologies and threats
- Strong experience fostering the growth of team members by providing training, guidance, and mentorship to less experienced engineers
- Demonstrated experience deploying, configuring, and/or monitoring cloud security tools
- Experience working in an environment that is certified and compliant with a globally recognized Security Framework / Information Security Management System (NIST SP 800-53, ISO27001, HIPAA, SOX, PCI)
- Expert written and verbal communications skills to include presenting to various levels of business and technical leadership.
- Advanced ability to successfully prioritize, execute, and deliver independently with minimal supervision
- Strong understanding of the chain of custody process as well as proper physical and digital evidence storage
- Proven ability to maintain confidentiality and work under short deadlines in stressful situations
- Strong attention to detail
In addition, a minimum of one (1) year of specialized experience in one or more of the following areas is required:
- Security Assessment or Offensive Security
- Application security, cloud security, or network security
- Creating and implementing sophisticated SIEM detections
Desired Qualifications
- Advanced understanding of cloud security
- Ability to reverse engineer malware
- Experience conducting container forensics
- Digital forensics certifications
- Splunk certifications
We’ve got you covered…
Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:
- Medical/Vision, Dental, Retirement and Paid Time Away
- Life Insurance and Disability
- Merchandise Discount and EAP Resources
A few more important points...
The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.
Nordstrom will consider qualified applicants with criminal histories in a manner consistent with all legal requirements.
Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com.
© 2022 Nordstrom, Inc
Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.
Pay Range Details
The pay range(s) below are provided in compliance with state specific laws. Pay ranges may be different in other locations.
Washington: $142,000 - $220,500 annually (depending on experience)
This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf