Penetration Tester 2 (Hybrid - Seattle)

Nordstrom is committed to delivering exceptional customer experiences while maintaining the highest standards of security. As part of our Cyber Security and Privacy Team, you'll help protect our customers, employees, and business through proactive mitigation of cyber risks.

The Penetration Tester II will conduct penetration tests across web, network, and cloud environments. This role identifies vulnerabilities, exploits weaknesses, assesses the likelihood and impact to Nordstrom, and writes detailed penetration test reports for stakeholders. The Penetration Tester II works independently on standard assessments and collaborates with senior Penetration Testers on complex engagements.

• Independently plan and execute reconnaissance activities across diverse systems and environments.
• Conduct standard penetration tests independently across networks, applications, and cloud environments with moderate support from Senior Analysts.
• Perform authenticated and unauthenticated testing to identify and confirm exploitable vulnerabilities
• Execute exploitation of discovered vulnerabilities and thoroughly document security impact
• Tune scanning and enumeration tools to minimize false positives and validate findings

• Participate in purple team engagements, carrying out scripted simulations, and validating results.

• Document findings with detailed titles, affected assets, scope, and reproducible evidence.
• Provide actionable remediation guidance and safe interim mitigation strategies

• Collaborate with development and infrastructure teams to validate fixes.

• 2-4 years of hands-on experience in penetration testing, offensive security, ethical hacking, or related security assessment roles

• Working knowledge of common penetration testing tools and frameworks (Cobalt Strike, Metasploit, Burp Suite, Nmap, BloodHound, or similar)
• Understanding of network protocols, operating systems (Windows, Linux, macOS), and cloud platforms (AWS, Azure, GCP)
• Familiarity with Active Directory, authentication mechanisms, and common exploitation techniques

• Experience with scripting languages (Python, Bash, PowerShell)

• Strong analytical and problem-solving skills with attention to detail

• Clear written and verbal communication skills, including ability to translate technical findings for diverse audiences
• Ability to work independently while knowing when to escalate or seek guidance
• Strong organizational skills and ability to manage multiple concurrent assessments
• Commitment to ethical standards and discretion when handling sensitive security information

• Bachelors Degree or Masters in Information Technology, Computer Science, Cybersecurity or related experience required
• Relevant certification(s) (e.g., Pentest+, CEH, GPEN, OSCP)

• Security Testing: Executes penetration tests and validates vulnerabilities
• Security Engineering: Automates testing tasks and supports remediation
• Threat Analysis: Identifies risks and communicates technical findings

We’ve got you covered…

Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

• Medical/Vision, Dental, Retirement and Paid Time Away

• Life Insurance and Disability

• Merchandise Discount and EAP Resources

A few more important points...

The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com. 

Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ’s for relevant information and guidelines.

© 2022 Nordstrom, Inc  

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Nordstrom keeps job postings open for at least one day after the posting date.

Pay Range Details

The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. 
Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.