Sr. Network Security Engineer (Hybrid - Seattle, WA)

Nordstrom•Seattle, WA

18h•Hybrid

About The Position

Are you passionate about securing the infrastructure that powers one of retail's most iconic brands? Nordstrom is on a journey to modernize and fortify the systems that connect our employees, partners, and customers across 400+ locations and multi-cloud environments. To support that mission, we are hiring a Senior Network Security Engineer to join our NIO organization. You will be part of a team of highly skilled security and infrastructure professionals responsible for designing, operating, and automating the network security controls that protect Nordstrom's enterprise. The ideal candidate thinks in automation first, understands how networks actually work, and brings deep expertise in cloud security, identity, and access. You will partner closely with engineers, architects, and platform teams to execute on both strategic and day-to-day security goals.

Requirements

Bachelor's or master's degree in Computer Science, Engineering, Cybersecurity, or equivalent education and experience
7+ years of progressive enterprise security engineering experience with demonstrated depth in network security domains
Hands-on experience with cloud security architecture across two or more major cloud platforms (AWS, Azure, GCP, OCI) — including cloud NGFW, VPC security controls, and private connectivity patterns
Strong automation and IaC experience: Python, Terraform, Ansible, or equivalent — you write production-grade automation, not one-off scripts
Deep expertise in network security technologies: next-gen firewalls (Palo Alto), ZTNA/SWG (Zscaler), IDS/IPS, and DDoS mitigation
Strong working knowledge of authentication and authorization: 802.1X, EAP-TLS, RADIUS, ClearPass/ISE, SAML, OAuth, and PKI/certificate management
Solid foundational network knowledge: TCP/IP, BGP, SD-WAN concepts, VLAN segmentation, DNS, and routing protocols — enough to own security outcomes independently
Experience with security policy-as-code, CI/CD pipelines for network security changes, and GitOps workflows
Effective written and verbal communication; able to produce clear RCAs, architecture docs, and executive summaries

Nice To Haves

Experience with Versa SD-WAN security policy, Juniper Mist access policy, or Fastly/edge security controls
Familiarity with SIEM platforms, SOAR workflows, or security data pipelines (e.g., New Relic, Splunk)
Relevant certifications: PCNSE, CCNP Security, AWS/Azure Security Specialty, CISSP, or equivalent
Retail or high-velocity e-commerce security experience

Responsibilities

Design, deploy, and operate network security controls across enterprise, cloud (AWS, Azure, GCP), and retail edge environments
Implement and maintain zero-trust network access (ZTNA) policies, microsegmentation, and perimeter security using tools like Zscaler, Palo Alto Networks, and cloud-native NGFWs
Build and maintain automation pipelines for security policy management, firewall rule lifecycle, and compliance validation — treating infrastructure as code
Collaborate with cloud, platform, and application teams to integrate security at the network layer without blocking delivery velocity
Serve as a subject matter expert for authentication and authorization frameworks: 802.1X, EAP-TLS, RADIUS/ClearPass, certificate management, and IAM integrations
Monitor, triage, and respond to network security events; drive root cause analysis and long-term remediation
Author engineering documentation, threat models, and security runbooks; contribute to architecture reviews
Mentor engineers across the NIO organization on security best practices and automation patterns
Participate in on-call rotation for critical security infrastructure