Security Platform Engineer 2 (Hybrid - Seattle)
Nordstrom · Seattle, WA · 2 wk ago
HybridEngineeringFull-time
Platform Engineering & Operations
- Provide engineering and sustainment support across the full SPE platform portfolio — including EDR, DLP, data encryption, email security, CSPM, and SIEM — ensuring platforms are highly available, performant, and cost-effective.
- Partner with IT, infrastructure, and application teams to maintain seamless security platform integrations across Nordstrom’s hybrid on-prem, cloud, and retail store environments.
- Maintain platform health metrics — including EDR, Qualys, and Tanium agent coverage — and contribute to Monthly Business/Program Reviews (MBR/MPR) reporting.
- Manage security platform migrations, upgrades, and configuration changes with minimal business disruption; develop and execute detailed test plans for platform changes.
- Participate in an on-call rotation for platform-related incidents and support Threat Intel, CSIRT/SOC teams during security events requiring platform investigation or response.
Engineering & Automation
- Design, develop, and maintain automation tooling and CI/CD pipelines that improve platform deployment, configuration management, and operational efficiency.
- Write and maintain engineering-level documentation including architecture decisions, runbooks, deployment guides, and test plans.
- Contribute to the development of in-house tooling using Python, Bash, and NodeJS to automate repetitive operational tasks and reduce manual toil across the platform portfolio.
- Leverage infrastructure-as-code practices (Terraform) and containerization (Docker, Kubernetes) where applicable to platform deployment and management.
- Apply AI tooling — including GitHub Copilot and Claude — to accelerate engineering workflows and improve team productivity.
Cross-functional Collaboration
- Partner with Threat Intel & Detection Engineering, SOC and CSIRT teams to ensure platform configurations align with active detection and incident response requirements.
- Collaborate with GRC teams to ensure security platforms meet compliance requirements across NIST CSF, PCI DSS, SOC 1/2, and related frameworks.
- Communicate clearly and effectively with technical and non-technical stakeholders across engineering, IT, and business teams.
- Mentor junior engineers in both technical skills and engineering best practices; contribute to a culture of knowledge sharing and continuous improvement.
About You
- You bring hands-on experience in a large-scale security, technology, or e-commerce environment — and you understand the unique security challenges of hybrid retail environments.
- You’re a strong cross-functional collaborator who builds trust with stakeholders at all levels, from engineers to executive leadership.
- You have a bias toward automation — when you see a repetitive manual process, your instinct is to eliminate it.
- You take ownership end to end: you don’t consider a platform ‘done’ when it’s deployed; you care about its ongoing health, coverage, and evolution.
- You’re comfortable with ambiguity and can prioritize effectively in a fast-paced environment with multiple competing demands.
- You’re genuinely interested in mentoring others and investing in the growth of the engineers around you.
- You bring an AI-first mindset — you actively look for opportunities to integrate AI tools into your engineering workflow.
Required Qualifications
- Minimum 3 years of experience in security platform engineering, security operations, or related technical roles supporting mission-critical systems.
- Minimum 2 years of hands-on experience with scripting or programming languages — preferably Python, Bash, or NodeJS/JavaScript.
- Experience with enterprise security platforms across two or more of the following domains: endpoint security (EDR/XDR), data loss prevention, data encryption, email security, CSPM, or SIEM.
- Working knowledge of security frameworks and standards including MITRE ATT&CK, NIST CSF, PCI DSS, and CIS Controls.
- Demonstrated ability to analyse log data, security alerts, and platform telemetry; Splunk or equivalent SIEM experience required.
- Experience developing automation tooling or contributing to CI/CD pipelines in an engineering environment.
- Strong written and oral communication skills; ability to translate technical concepts clearly for non-technical stakeholders.
- Advanced understanding of systems design principles, technical architecture, and a track record of platform implementation and support.
Preferred Qualifications
- Hands-on experience with one or more SPE platforms: CrowdStrike Falcon, Wiz (CSPM), NewRelic, CipherTrust, Secure File Server (SFS), OnSpring, Proofpoint, Qualys, or Tanium.
- Experience with cloud security platforms and securing hybrid environments (AWS, Azure, GCP).
- Familiarity with infrastructure-as-code tools — Terraform, Docker, Kubernetes, or Helm.
- Experience with identity and access management platforms — Okta, Active Directory, SAML/SSO, LDAP.
- Understanding of retail or e-commerce security challenges including POS security, PCI DSS compliance, and hybrid store/cloud environments.
- Experience supporting or partnering with Threat Intel & Detection Engineering, SOC or CSIRT teams in an incident response capacity.
- Relevant industry certifications: CompTIA Security+, CISSP, CISM, AWS Security, or equivalent.
- Background in software engineering or development; experience with DevSecOps practices.
- Familiarity with AI-powered security tooling or experience integrating AI tools into engineering workflows.