Senior Network Security Engineer

About

Are you passionate about securing the infrastructure that powers one of retail's most iconic brands? Nordstrom is on a journey to modernize and fortify the systems that connect our employees, partners, and customers across 400+ locations and multi-cloud environments. To support that mission, we are hiring a Senior Network Security Engineer to join our NIO organization.

You will be part of a team of highly skilled security and infrastructure professionals responsible for designing, operating, and automating the network security controls that protect Nordstrom's enterprise. The ideal candidate thinks in automation first, understands how networks actually work, and brings deep expertise in cloud security, identity, and access. You will partner closely with engineers, architects, and platform teams to execute on both strategic and day-to-day security goals.

A Day in the Life

• Design, deploy, and operate network security controls across enterprise, cloud (AWS, Azure, GCP), and retail edge environments
• Implement and maintain zero-trust network access (ZTNA) policies, microsegmentation, and perimeter security using tools like Zscaler, Palo Alto Networks, and cloud-native NGFWs
• Build and maintain automation pipelines for security policy management, firewall rule lifecycle, and compliance validation — treating infrastructure as code
• Collaborate with cloud, platform, and application teams to integrate security at the network layer without blocking delivery velocity
• Serve as a subject matter expert for authentication and authorization frameworks: 802.1X, EAP-TLS, RADIUS/ClearPass, certificate management, and IAM integrations
• Monitor, triage, and respond to network security events; drive root cause analysis and long-term remediation
• Author engineering documentation, threat models, and security runbooks; contribute to architecture reviews
• Mentor engineers across the NIO organization on security best practices and automation patterns
• Participate in on-call rotation for critical security infrastructure

More About You

• You approach every problem with an automation-first mindset — if you're doing something twice, you're already writing the script
• You understand the network well enough to implement security without needing a network engineer in the room — you can read a routing table, troubleshoot a VLAN, and reason about traffic flows
• You've operated security in cloud environments and understand how AWS Security Groups, Azure NSGs, cloud NGFW, and service mesh fit into a layered defense model
• Authentication and authorization are not just checkboxes to you — you have strong opinions about certificate lifecycles, EAP methods, and identity-aware policy enforcement
• You communicate clearly with both engineers and executives, translating complex security posture into business risk
• You thrive in ambiguity, work with urgency during incidents, and bring calm, structured thinking under pressure
• Passionate about continuous improvement and raising the security bar across teams you work with

Qualifications

• Bachelor's or master's degree in Computer Science, Engineering, Cybersecurity, or equivalent education and experience
• 7+ years of progressive enterprise security engineering experience with demonstrated depth in network security domains
• Hands-on experience with cloud security architecture across two or more major cloud platforms (AWS, Azure, GCP, OCI) — including cloud NGFW, VPC security controls, and private connectivity patterns
• Strong automation and IaC experience: Python, Terraform, Ansible, or equivalent — you write production-grade automation, not one-off scripts
• Deep expertise in network security technologies: next-gen firewalls (Palo Alto), ZTNA/SWG (Zscaler), IDS/IPS, and DDoS mitigation
• Strong working knowledge of authentication and authorization: 802.1X, EAP-TLS, RADIUS, ClearPass/ISE, SAML, OAuth, and PKI/certificate management
• Solid foundational network knowledge: TCP/IP, BGP, SD-WAN concepts, VLAN segmentation, DNS, and routing protocols — enough to own security outcomes independently
• Experience with security policy-as-code, CI/CD pipelines for network security changes, and GitOps workflows
• Effective written and verbal communication; able to produce clear RCAs, architecture docs, and executive summaries

Nice to Have

• Experience with Versa SD-WAN security policy, Juniper Mist access policy, or Fastly/edge security controls
• Familiarity with SIEM platforms, SOAR workflows, or security data pipelines (e.g., New Relic, Splunk)
• Relevant certifications: PCNSE, CCNP Security, AWS/Azure Security Specialty, CISSP, or equivalent
• Retail or high-velocity e-commerce security experience

Benefits

• Medical/Vision, Dental, Retirement and Paid Time Away
• Life Insurance and Disability
• Merchandise Discount and EAP Resources
• 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more.

Additional Information

The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com.

Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ’s for relevant information and guidelines.

© 2022 Nordstrom, Inc

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Nordstrom keeps job postings open for at least one day after the posting date.

Pay Range Details

The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience. This position may be eligible for performance-based incentives/bonuses. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf