Nordstrom
Penetration Tester 2 (Hybrid - Seattle) at Nordstrom
About Nordstrom Nordstrom is committed to delivering exceptional customer experiences while maintaining the highest standards of security. As part of our Cyber Security and Privacy Team, you’ll help protect our customers, employees, and business through proactive mitigation of cyber risks.
Position Summary The Penetration Tester II will conduct penetration tests across web, network, and cloud environments. You will identify vulnerabilities, exploit weaknesses, assess likelihood and impact to Nordstrom, and write detailed penetration test reports for stakeholders. This role works independently on standard assessments and collaborates with senior Penetration Testers on complex engagements.
Responsibilities
Independently plan and execute reconnaissance activities across diverse systems and environments.
Conduct standard penetration tests independently across networks, applications, and cloud environments with moderate support from Senior Analysts.
Perform authenticated and unauthenticated testing to identify and confirm exploitable vulnerabilities.
Execute exploitation of discovered vulnerabilities and thoroughly document security impact.
Tune scanning and enumeration tools to minimize false positives and validate findings.
Participate in purple team engagements, carrying out scripted simulations and validating results.
Document findings with detailed titles, affected assets, scope, and reproducible evidence.
Provide actionable remediation guidance and safe interim mitigation strategies.
Collaborate with development and infrastructure teams to validate fixes.
Qualifications
2‑4 years of hands‑on experience in penetration testing, offensive security, ethical hacking, or related security assessment roles.
Working knowledge of common penetration testing tools and frameworks (Cobalt Strike, Metasploit, Burp Suite, Nmap, BloodHound, or similar).
Understanding of network protocols, operating systems (Windows, Linux, macOS), and cloud platforms (AWS, Azure, GCP).
Familiarity with Active Directory, authentication mechanisms, and common exploitation techniques.
Experience with scripting languages (Python, Bash, PowerShell).
Strong analytical and problem‑solving skills with attention to detail.
Clear written and verbal communication skills, including ability to translate technical findings for diverse audiences.
Ability to work independently while knowing when to elevate or seek guidance.
Strong organizational skills and ability to manage multiple concurrent assessments.
Commitment to ethical standards and discretion when handling sensitive security information.
Bachelor’s Degree or Master’s in Information Technology, Computer Science, Cybersecurity or related experience required.
Relevant certification(s) (e.g., Pentest+, CEH, GPEN, OSCP).
Expected Skills
Security Testing: Executes penetration tests and validates vulnerabilities.
Security Engineering: Automates testing tasks and supports remediation.
Threat Analysis: Identifies risks and communicates technical findings.
Benefits
Medical/Vision, Dental, Retirement and Paid Time Away.
Life Insurance and Disability.
Merchandise Discount and EAP Resources.
Pay Range Details $121,500.00 – $188,500.00 Annual Performance‑based incentives/bonuses may be available. Eligibility and additional benefits vary by location and experience.
Legal and EEO Statements For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after a conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location‑specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.
Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location. You can also find resources at
www.nordstrom.com .
You are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, or genetic information.
#J-18808-Ljbffr
About Nordstrom Nordstrom is committed to delivering exceptional customer experiences while maintaining the highest standards of security. As part of our Cyber Security and Privacy Team, you’ll help protect our customers, employees, and business through proactive mitigation of cyber risks.
Position Summary The Penetration Tester II will conduct penetration tests across web, network, and cloud environments. You will identify vulnerabilities, exploit weaknesses, assess likelihood and impact to Nordstrom, and write detailed penetration test reports for stakeholders. This role works independently on standard assessments and collaborates with senior Penetration Testers on complex engagements.
Responsibilities
Independently plan and execute reconnaissance activities across diverse systems and environments.
Conduct standard penetration tests independently across networks, applications, and cloud environments with moderate support from Senior Analysts.
Perform authenticated and unauthenticated testing to identify and confirm exploitable vulnerabilities.
Execute exploitation of discovered vulnerabilities and thoroughly document security impact.
Tune scanning and enumeration tools to minimize false positives and validate findings.
Participate in purple team engagements, carrying out scripted simulations and validating results.
Document findings with detailed titles, affected assets, scope, and reproducible evidence.
Provide actionable remediation guidance and safe interim mitigation strategies.
Collaborate with development and infrastructure teams to validate fixes.
Qualifications
2‑4 years of hands‑on experience in penetration testing, offensive security, ethical hacking, or related security assessment roles.
Working knowledge of common penetration testing tools and frameworks (Cobalt Strike, Metasploit, Burp Suite, Nmap, BloodHound, or similar).
Understanding of network protocols, operating systems (Windows, Linux, macOS), and cloud platforms (AWS, Azure, GCP).
Familiarity with Active Directory, authentication mechanisms, and common exploitation techniques.
Experience with scripting languages (Python, Bash, PowerShell).
Strong analytical and problem‑solving skills with attention to detail.
Clear written and verbal communication skills, including ability to translate technical findings for diverse audiences.
Ability to work independently while knowing when to elevate or seek guidance.
Strong organizational skills and ability to manage multiple concurrent assessments.
Commitment to ethical standards and discretion when handling sensitive security information.
Bachelor’s Degree or Master’s in Information Technology, Computer Science, Cybersecurity or related experience required.
Relevant certification(s) (e.g., Pentest+, CEH, GPEN, OSCP).
Expected Skills
Security Testing: Executes penetration tests and validates vulnerabilities.
Security Engineering: Automates testing tasks and supports remediation.
Threat Analysis: Identifies risks and communicates technical findings.
Benefits
Medical/Vision, Dental, Retirement and Paid Time Away.
Life Insurance and Disability.
Merchandise Discount and EAP Resources.
Pay Range Details $121,500.00 – $188,500.00 Annual Performance‑based incentives/bonuses may be available. Eligibility and additional benefits vary by location and experience.
Legal and EEO Statements For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after a conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location‑specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.
Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location. You can also find resources at
www.nordstrom.com .
You are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, or genetic information.
#J-18808-Ljbffr