Nordstrom

Senior Security Engineer – Threat Intelligence, Detection Engineering

Senior Security Engineer writing detection rules and hunting adversary activity in a security-focused team. Collaborating across various domains and operationalizing threat intelligence for effective security operations.

Posted 6/6/2026 • full-time • Seattle • Washington • 🇺🇸 United States • Senior • 💰 $142,000 - $220,500 per year

Tech Stack

Tools & technologies
  • Cloud
  • Python

About the role

Key responsibilities & impact
  • The Senior Security Engineer on the TIDE team is a hybrid practitioner who writes detection rules, hunts adversary activity across the data lake, and builds the automation that ties it all together.
  • Design, develop, and maintain high-fidelity detection rules in CrowdStrike NG-SIEM (LogScale/CQL) across endpoint, email, identity, network, and cloud domains
  • Operationalize the full detection lifecycle: threat modeling, logic development, empirical testing, deployment, tuning, and retirement
  • Build detection content aligned to MITRE ATT&CK, threat actor TTPs, and internal threat model priorities
  • Translate threat intelligence findings, incident post-mortems, and hunt discoveries into durable detection logic
  • Collect, analyze, and operationalize tactical and technical threat intelligence from open-source, commercial, and internal sources
  • Produce actionable intelligence products including threat actor profiles, TTP summaries, and IOC packages that directly inform detection priorities and hunting hypotheses
  • Design and execute hypothesis-driven threat hunts across endpoint, email, identity, network, and cloud telemetry
  • Maintain visibility into coverage gaps and drive new hunt-to-detect cycles to close them
  • Provide technical escalation support for complex incidents involving identity compromise, endpoint intrusion, lateral movement, and data exfiltration
  • Conduct targeted forensic and log-based analysis during active investigations, contributing to root cause determination and containment decisions

Requirements

What you’ll need
  • 4+ years of professional experience in detection engineering, threat intelligence, SOC/IR, threat hunting, or security automation
  • Demonstrated proficiency writing detection logic in at least one enterprise SIEM or XDR platform; CrowdStrike NG-SIEM (LogScale/CQL) experience strongly preferred
  • Working knowledge of MITRE ATT&CK at the technique and sub-technique level; ability to map adversary behaviors to telemetry sources and detection logic
  • Hands-on experience with EDR analysis, behavioral anomaly detection, and investigation of post-exploitation activity
  • Hands-on experience with hypothesis-driven threat hunting; ability to document and execute an end-to-end hunt
  • Scripting proficiency in Python and/or PowerShell for automation, log parsing, or investigative tooling
  • Experience contributing to incident response for malware incidents, identity-based attacks, or insider threats
  • Strong written communication skills; ability to produce clear, actionable documentation, detection rationale, and intelligence products
  • Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent professional experience.

Benefits

Comp & perks
  • Medical/Vision, Dental, Retirement and Paid Time Away
  • Life Insurance and Disability
  • Merchandise Discount and EAP Resources
  • This position may be eligible for performance-based incentives/bonuses
  • Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more.

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
  • detection engineering
  • threat intelligence
  • SOC/IR
  • threat hunting
  • security automation
  • detection logic
  • EDR analysis
  • behavioral anomaly detection
  • scripting in Python
  • scripting in PowerShell
Soft Skills
  • strong written communication
  • documentation skills
  • analytical skills
  • problem-solving skills