Nordstrom
Senior Manager, Threat Intelligence & Detection Engineering (Hybr...
Nordstrom - Seattle, Washington, United States, 98101
Work at Nordstrom
Overview
- View job
Overview
Senior Manager Of Threat Intelligence And Detection Engineering
We are looking for an experienced and visionary Senior Manager of Threat Intelligence and Detection Engineering to lead our proactive defense initiatives. In this role, you will oversee the development and refinement of our threat detection capabilities, leverage intelligence to anticipate and mitigate threats, and guide a team of threat analysts and detection engineers. You will play a critical role in advancing our threat-informed defense strategy and maturing our security operations program. Responsibilities
Develop and execute the strategic roadmap for threat intelligence, detection engineering, and threat hunting programs across multiple business units
Build, lead, and mentor a high-performing team of detection engineers, threat analysts, and hunters
Serve as the primary subject matter expert and strategic advisor to executive leadership on evolving threat landscapes, defensive priorities, and organizational risk posture
Operationalize threat intelligence by integrating internal and external intel into detection engineering workflows
Maintain and evolve threat intelligence sources (commercial, open-source, government) to inform risk posture and detection priorities
Deliver actionable threat assessments and briefings tailored to technical and executive stakeholders
Lead the full detection engineering lifecycle including threat modeling, detection logic development using query languages (KQL, SPL, SQL), testing with attack simulation frameworks, automated deployment via CI/CD, and continuous tuning based on performance metrics
Drive development of advanced behavior-based, anomaly detections, and AI/ML-powered detection systems aligned with MITRE ATT&CK and emerging threat actor TTPs
Establish strategic partnerships with red team, SOC and incident response management to ensure comprehensive detection coverage and proactive visibility gap closure
Lead enterprise-wide collaboration with cloud architects, infrastructure leadership, and application development teams to enhance telemetry strategies and ensure scalable detection across complex hybrid and multi-cloud environments
Drive strategic contributions to enterprise incident response frameworks, lead tabletop exercises, and oversee purple team program development to continuously test and improve organizational defenses
Champion automation initiatives and establish data-driven decision-making frameworks across all threat detection and response operations
Define, implement, and report on enterprise-level key performance indicators (KPIs) for detection effectiveness, operational efficiency, false positive optimization, and mean time to detection (MTTD) across the organization
Integrate security detection into CI/CD pipelines and support DevSecOps initiatives
Manage budgets, vendor relationships, and technology investments for threat intelligence and detection engineering programs
Establish and maintain strategic relationships with industry peers, threat intelligence communities, and security vendors
Required Qualifications
Bachelors Degree in Information Technology, Computer Science, Data Science or related experience required.
8+ years in information security with a focus on threat intelligence, detection engineering, or security operations
3-5 years in a leadership or management role with a track record of leading high-performing technical teams
Deep expertise in attacker behaviors, threat actor TTPs, campaigns, and threat landscape evolution across multiple industry verticals
Extensive experience designing, implementing, and optimizing enterprise-scale detections across multiple SIEMs (e.g., Splunk, Sentinel, Chronicle), EDR/XDR platforms (e.g., CrowdStrike, Defender, SentinelOne), and cloud-native security tools
Strong working knowledge of MITRE ATT&CK, threat modeling, and structured threat intelligence formats (e.g., STIX, TAXII)
Proficiency in Python, PowerShell, and at least one other programming language for detection engineering and automation
Experience with detection-as-code practices and version control (Git)
Knowledge of threat hunting methodologies and hypothesis-driven investigations
Comprehensive understanding of NIST Cybersecurity Framework, ISO 27001, SOC 2, and other compliance requirements with implementation experience
Hands-on experience in cloud environments (AWS, Azure, GCP) and containerized workloads (e.g., Kubernetes, ECS) preferred
Experience with threat intelligence platforms (e.g., ThreatConnect, MISP, Anomali) and CTI frameworks (e.g., Diamond Model, Kill Chain) is a plus
Advanced knowledge of SOAR platforms (Phantom, Demisto, Swimlane) and enterprise security orchestration
Experience with AI/ML-driven detection systems and automated response orchestration is a plus
API development and integration for security tooling experience preferred
Container security and Kubernetes threat detection knowledge is a plus
Experience with deception technology and honeypot deployment preferred
Industry certifications (e.g., GCTI, GCIA, GDAT, GCED, GCFA, GSEC, CISSP) preferred; cloud security certifications (AWS Security Specialty, Azure Security Engineer) are a plus
Our employees are our most important asset and that's reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including: Medical/Vision, Dental, Retirement and Paid Time Away Life Insurance and Disability Merchandise Discount and EAP Resources A few more important points... The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive. There may be additional duties, responsibilities and qualifications for this job. Nordstrom conducts background checks and considers qualified applicants with criminal histories in a manner consistent with all legal requirements. Pay Range Details The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience. $191,000.00 - $297,000.00 Annual This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf
We are looking for an experienced and visionary Senior Manager of Threat Intelligence and Detection Engineering to lead our proactive defense initiatives. In this role, you will oversee the development and refinement of our threat detection capabilities, leverage intelligence to anticipate and mitigate threats, and guide a team of threat analysts and detection engineers. You will play a critical role in advancing our threat-informed defense strategy and maturing our security operations program. Responsibilities
Develop and execute the strategic roadmap for threat intelligence, detection engineering, and threat hunting programs across multiple business units
Build, lead, and mentor a high-performing team of detection engineers, threat analysts, and hunters
Serve as the primary subject matter expert and strategic advisor to executive leadership on evolving threat landscapes, defensive priorities, and organizational risk posture
Operationalize threat intelligence by integrating internal and external intel into detection engineering workflows
Maintain and evolve threat intelligence sources (commercial, open-source, government) to inform risk posture and detection priorities
Deliver actionable threat assessments and briefings tailored to technical and executive stakeholders
Lead the full detection engineering lifecycle including threat modeling, detection logic development using query languages (KQL, SPL, SQL), testing with attack simulation frameworks, automated deployment via CI/CD, and continuous tuning based on performance metrics
Drive development of advanced behavior-based, anomaly detections, and AI/ML-powered detection systems aligned with MITRE ATT&CK and emerging threat actor TTPs
Establish strategic partnerships with red team, SOC and incident response management to ensure comprehensive detection coverage and proactive visibility gap closure
Lead enterprise-wide collaboration with cloud architects, infrastructure leadership, and application development teams to enhance telemetry strategies and ensure scalable detection across complex hybrid and multi-cloud environments
Drive strategic contributions to enterprise incident response frameworks, lead tabletop exercises, and oversee purple team program development to continuously test and improve organizational defenses
Champion automation initiatives and establish data-driven decision-making frameworks across all threat detection and response operations
Define, implement, and report on enterprise-level key performance indicators (KPIs) for detection effectiveness, operational efficiency, false positive optimization, and mean time to detection (MTTD) across the organization
Integrate security detection into CI/CD pipelines and support DevSecOps initiatives
Manage budgets, vendor relationships, and technology investments for threat intelligence and detection engineering programs
Establish and maintain strategic relationships with industry peers, threat intelligence communities, and security vendors
Required Qualifications
Bachelors Degree in Information Technology, Computer Science, Data Science or related experience required.
8+ years in information security with a focus on threat intelligence, detection engineering, or security operations
3-5 years in a leadership or management role with a track record of leading high-performing technical teams
Deep expertise in attacker behaviors, threat actor TTPs, campaigns, and threat landscape evolution across multiple industry verticals
Extensive experience designing, implementing, and optimizing enterprise-scale detections across multiple SIEMs (e.g., Splunk, Sentinel, Chronicle), EDR/XDR platforms (e.g., CrowdStrike, Defender, SentinelOne), and cloud-native security tools
Strong working knowledge of MITRE ATT&CK, threat modeling, and structured threat intelligence formats (e.g., STIX, TAXII)
Proficiency in Python, PowerShell, and at least one other programming language for detection engineering and automation
Experience with detection-as-code practices and version control (Git)
Knowledge of threat hunting methodologies and hypothesis-driven investigations
Comprehensive understanding of NIST Cybersecurity Framework, ISO 27001, SOC 2, and other compliance requirements with implementation experience
Hands-on experience in cloud environments (AWS, Azure, GCP) and containerized workloads (e.g., Kubernetes, ECS) preferred
Experience with threat intelligence platforms (e.g., ThreatConnect, MISP, Anomali) and CTI frameworks (e.g., Diamond Model, Kill Chain) is a plus
Advanced knowledge of SOAR platforms (Phantom, Demisto, Swimlane) and enterprise security orchestration
Experience with AI/ML-driven detection systems and automated response orchestration is a plus
API development and integration for security tooling experience preferred
Container security and Kubernetes threat detection knowledge is a plus
Experience with deception technology and honeypot deployment preferred
Industry certifications (e.g., GCTI, GCIA, GDAT, GCED, GCFA, GSEC, CISSP) preferred; cloud security certifications (AWS Security Specialty, Azure Security Engineer) are a plus
Our employees are our most important asset and that's reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including: Medical/Vision, Dental, Retirement and Paid Time Away Life Insurance and Disability Merchandise Discount and EAP Resources A few more important points... The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive. There may be additional duties, responsibilities and qualifications for this job. Nordstrom conducts background checks and considers qualified applicants with criminal histories in a manner consistent with all legal requirements. Pay Range Details The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience. $191,000.00 - $297,000.00 Annual This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf