
Principal Security Engineer; Hybrid - Seattle

Job in Seattle, King County, Washington, 98127, USA
Listing for: Nordstrom
Full Time position
Listed on 2026-02-28
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer, Security Manager, IT Consultant
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below
Position: Principal Security Engineer (Hybrid - Seattle)

We are seeking an accomplished Principal Security Engineer to serve within Nordstrom's Cybersecurity & Privacy Organization (CPO). This role will drive the architecture, implementation, and evolution of enterprise security solutions while providing technical leadership across critical security domains. The ideal candidate will be a seasoned security practitioner with deep technical expertise, a passion for mentoring, and the ability to influence security strategy at the highest levels of the organization.

The goal is to enable secure business innovation and operational stability through proactive security design and strategic risk management.

Key Responsibilities
  • Lead the design and architecture of enterprise security solutions across cloud, on-premises, and hybrid environments.
  • Provide technical direction and oversight for complex security initiatives, including zero trust implementation, cloud security, and security automation programs.
  • Serve as a principal technical advisor to security leadership, engineering teams, and business stakeholders on security architecture, risk management, and emerging threats.
  • Drive security innovation through evaluation and integration of cutting‑edge technologies, including AI/ML‑based security tools and security orchestration platforms.
  • Lead cross‑functional security architecture reviews and threat modeling exercises for critical business systems and applications.
  • Develop and maintain enterprise security standards, design patterns, and reference architectures aligned with industry best practices and regulatory requirements.
  • Mentor and guide security engineers and analysts; foster a culture of technical excellence and continuous learning within the security organization.
  • Collaborate with enterprise architecture, infrastructure, application development, and DevSecOps teams to embed security throughout the technology lifecycle.
  • Lead security incident response efforts for critical or complex security events, providing technical expertise and strategic guidance.
  • Conduct advanced security research and vulnerability analysis; develop proof‑of‑concepts and remediation strategies for emerging threats.
  • Partner with compliance, audit, and risk management teams to ensure security controls meet regulatory requirements (e.g., PCI‑DSS and CCPA).
  • Track and communicate security program metrics, technical roadmaps, and risk posture to executive leadership and board‑level stakeholders.
  • Drive automation and tooling initiatives to scale security operations, reduce manual workflows, and improve detection and response capabilities.
Required Qualifications
  • Bachelor's degree in Computer Science, Information Security, Engineering, or related field; Master's degree preferred.
  • 12+ years of experience in information security, with at least 5 years in a senior or principal technical leadership role.
  • Deep expertise across multiple security domains: application security, cloud security, network security, identity and access management, threat detection, and incident response.
  • Proven experience architecting and implementing security solutions in large‑scale enterprise environments, including cloud platforms (AWS, Azure, GCP).
  • Strong understanding of security frameworks and standards (NIST CSF, CIS Controls, OWASP, MITRE ATT&CK).
  • Demonstrated experience with security tools and technologies: SIEM, EDR/XDR, CASB, PAM, vulnerability management, threat intelligence platforms, and security automation tools.
  • Exceptional communication and stakeholder management skills with ability to influence at all organizational levels.
  • Relevant certifications required (e.g., CISSP, GIAC, CCSP, OSCP, or equivalent advanced certifications).
Preferred Skills
  • Experience driving security transformations in retail, e‑commerce, or other large‑scale consumer‑facing environments.
  • Deep knowledge of DevSecOps practices, security‑as‑code, and CI/CD security integration.
  • Experience with security orchestration, automation, and response (SOAR) platforms and AI‑enhanced security solutions.
  • Proven track record of mentoring and developing security professionals in complex, matrixed organizations.
  • Strong understanding of supply chain security,…