Senior Application Security Engineer
Indexed description
A Day in the Life
- Build secure-by-default patterns and paved-road tooling so teams get security built into the pipelines and frameworks they already use
- Own the AppSec tooling stack (SAST, SCA, secrets scanning, DAST), tune it for signal over noise, and route findings into where engineers already work
- Automate the security work that doesn’t need human judgment, and save manual review for the work that does
- Partner with our security teams, mentor engineers and champions, and raise the application security bar across the org
- You’d rather build the guardrail than write the policy, and you’ve shipped tooling that changed how other engineers work
- You go looking for the problems worth solving and own them end to end
- You’re the security person other teams want in the room, because you explain risk clearly, respect how teams work, and help them find a fix that fits
- You think in risk, not severity scores. You know the difference between a finding that’s exploitable in our context and one that just looks scary, and you prioritize accordingly
- 4+ years in application security, secure software development, or a closely related field, with a bachelor’s or master’s in Computer Science, Information Security, Cybersecurity, or a related field, or equivalent experience
- A track record shipping security tooling, automation, or reusable patterns, not just operating off-the-shelf tools
- Expert-level threat modeling, security design review, and manual code review, with deep knowledge of application and API vulnerability classes and how to design them out
- Fluent enough to read and write code in languages like Java, Kotlin, C#, or Python
- Hands-on fluency using AI to accelerate real security work, with judgment about where to trust it and where to verify
- Working knowledge of how LLM and agent features fail, including prompt injection, unsafe tool and permission use, and data leakage through model outputs
- Cloud-native, container, and serverless security (AWS, GCP, Azure, Kubernetes)
- Hands-on with GitHub Advanced Security and JFrog Artifactory, or similar
- Offensive security experience
- Vulnerability disclosure or bug bounty program experience
- Production software engineering background
- Certifications such as CSSLP, CISSP, OSWA, OSWE, GWAPT, or GMOB
Pay Range Details
The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations.
Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.
California: $120,000-$258,000, Colorado: $120,000-$219,500, Connecticut: $120,000-$258,000, Deleware: $120,000-$219,500, Hawaii: $120,000-$219,500, Illinois: $120,000-$219,500, Maine: $120,000-$219,500, Maryland: $120,000-$258,000, Massachusetts: $120,000-$258,000, Minnesota: $120,000-$219,500, Nevada: $120,000-$219,500, New Jersey: $120,000-$258,000, New York: $120,000-$258,000, Rhode Island: $120,000-$219,500, Virginia: $120,000-$258,500, Washington: $120,000-$258,500, Washington DC: $142,000-$258,000
We’ve got you covered…
Benefits
Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:
- Medical/Vision, Dental, Retirement and Paid Time Away
- Life Insurance and Disability
- Merchandise Discount and EAP Resources
A few more important points...
The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.
For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.
Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com.
Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ’s for relevant information and guidelines.
Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.
Nordstrom keeps job postings open for at least one day after the posting date.
© 2026 Nordstrom, Inc
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search