Senior 2 Attack Surface Analyst (Hybrid - Seattle)
$166,000–$258,000 year
Hybrid · Seattle, Washington, United States
Job Summary
Senior Attack Surface Analyst leading the growth of Nordstrom’s attack surface management program, collaborating with cybersecurity and technology teams to prioritize risk, automate remediation activities, and design and implement net-new capabilities. Drives improvements in attack surface management processes, maintains security standards and runbooks, mentors teammates, leads compliance activities (e.g., PCI), and develops metrics to measure operational efficiency and risk. Partner with AppSec, DevOps, and cloud teams to secure deployments with a secure-by-design approach, maintain a map of the attack surface, and leverage threat intel and dark web monitoring. Demonstrates leadership to reduce exposures across Nordstrom’s technologies and advances capabilities through training and industry engagement.
Required Qualifications
- 6+ years in security operations, vulnerability management, or offensive security domains, including experience in a senior or lead capacity
- Deep knowledge of the MITRE ATT&CK framework, threat actor tactics, techniques, and procedures (TTPs)
- Experience implementing cloud security controls in a multi-cloud environment
- Proficiency in enterprise information technology (IT) architecture principles and practices
- Knowledge of offensive security methodologies and ethical hacking principles and practices
- Deep understanding of system landscape and data flow within the domain and across adjacent domains
- Expertise in scripting languages (e.g., Python, PowerShell) for process automation
- Advanced knowledge of networking, system administration, cloud services, asset management, and cybersecurity principles
- Deep understanding of the processes and controls needed to satisfy relevant regulatory and compliance requirements (e.g., PCI) for vulnerability and attack surface management
- Strong leadership and communication skills
- Bachelor’s or Master’s degree in Information Technology, Computer Science, Cybersecurity, or a related field; equivalent experience will be considered in lieu of a degree
Desired Qualifications
- 6+ years in security operations, vulnerability management, or offensive security
- Experience implementing cloud security controls in a multi-cloud environment
- Proficiency in enterprise IT architecture principles and practices
- Knowledge of offensive security methodologies and ethical hacking principles and practices
- Deep understanding of system landscape and data flow within the domain and across adjacent domains
- Expertise in scripting languages (e.g., Python, PowerShell) for process automation
- Advanced knowledge of networking, system administration, cloud services, asset management, and cybersecurity principles
- Deep understanding of PCI and related regulatory/compliance requirements
- Strong leadership and communication skills
- Bachelor’s or Master’s degree in Information Technology, Computer Science, Cybersecurity, or a related field; equivalent experience will be considered in lieu of a degree
- Preferred experience developing attack surface management capabilities and coaching more junior analysts
- Expertise across cybersecurity domains including vulnerability management, cloud security, attack surface management, network security, and cyber hygiene
- Demonstrated thought leadership on the application of emerging AI technologies within cybersecurity domains
- Advanced certifications (e.g., OSCE, GREM, CISSP)
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.