Job Description

We are looking for an experienced and visionary Senior Manager of Threat Intelligence and Detection Engineering to lead our proactive defense initiatives. In this role, you will oversee the development and refinement of our threat detection capabilities, leverage intelligence to anticipate and mitigate threats, and guide a team of threat analysts and detection engineers. You will play a critical role in advancing our threat-informed defense strategy and maturing our security operations program.

Responsibilities:Develop and execute the strategic roadmap for threat intelligence, detection engineering, and threat hunting programs across multiple business unitsBuild, lead, and mentor a high-performing team of detection engineers, threat analysts, and huntersServe as the primary subject matter expert and strategic advisor to executive leadership on evolving threat landscapes, defensive priorities, and organizational risk postureOperationalize threat intelligence by integrating internal and external intel into detection engineering workflowsMaintain and evolve threat intelligence sources (commercial, open-source, government) to inform risk posture and detection prioritiesDeliver actionable threat assessments and briefings tailored to technical and executive stakeholdersLead the full detection engineering lifecycle including threat modeling, detection logic development using query languages (KQL, SPL, SQL), testing with attack simulation frameworks, automated deployment via CI/CD, and continuous tuning based on performance metricsDrive development of advanced behavior-based, anomaly detections, and AI/ML-powered detection systems aligned with MITRE ATT&CK and emerging threat actor TTPsEstablish strategic partnerships with red team, SOC and incident response management to ensure comprehensive detection coverage and proactive visibility gap closureLead enterprise-wide collaboration with cloud architects, infrastructure leadership, and application development teams to enhance telemetry strategies and ensure scalable detection across complex hybrid and multi-cloud environmentsDrive strategic contributions to enterprise incident response frameworks, lead tabletop exercises, and oversee purple team program development to continuously test and improve organizational defensesChampion automation initiatives and establish data-driven decision-making frameworks across all threat detection and response operationsDefine, implement, and report on enterprise-level key performance indicators (KPIs) for detection effectiveness, operational efficiency, false positive optimization, and mean time to detection (MTTD) across the organizationIntegrate security detection into CI/CD pipelines and support DevSecOps initiativesManage budgets, vendor relationships, and technology investments for threat intelligence and detection engineering programsEstablish and maintain strategic relationships with industry peers, threat intelligence communities, and security vendors

Required Qualifications:Bachelors Degree in Information Technology, Computer Science, Data Science or related experience required. 8+ years in information security with a focus on threat intelligence, detection engineering, or security operations3-5 years in a leadership or management role with a track record of leading high-performing technical teamsDeep expertise in attacker behaviors, threat actor TTPs, campaigns, and threat landscape evolution across multiple industry verticalsExtensive experience designing, implementing, and optimizing enterprise-scale detections across multiple SIEMs (e.g., Splunk, Sentinel, Chronicle), EDR/XDR platforms (e.g., CrowdStrike, Defender, SentinelOne), and cloud-native security toolsStrong working knowledge of MITRE ATT&CK, threat modeling, and structured threat intelligence formats (e.g., STIX, TAXII)Proficiency in Python, PowerShell, and at least one other programming language for detection engineering and automationExperience with detection-as-code practices and version control (Git)Knowledge of threat hunting methodologies and hypothesis-driven investigationsComprehensive understanding of NIST Cybersecurity Framework, ISO 27001, SOC 2, and other compliance requirements with implementation experienceHands-on experience in cloud environments (AWS, Azure, GCP) and containerized workloads (e.g., Kubernetes, ECS) preferredExperience with threat intelligence platforms (e.g., ThreatConnect, MISP, Anomali) and CTI frameworks (e.g., Diamond Model, Kill Chain) is a plusAdvanced knowledge of SOAR platforms (Phantom, Demisto, Swimlane) and enterprise security orchestrationExperience with AI/ML-driven detection systems and automated response orchestration is a plusAPI development and integration for security tooling experience preferredContainer security and Kubernetes threat detection knowledge is a plusExperience with deception technology and honeypot deployment preferredIndustry certifications (e.g., GCTI, GCIA, GDAT, GCED, GCFA, GSEC, CISSP) preferred; cloud security certifications (AWS Security Specialty, Azure Security Engineer) are a plus

We’ve got you covered…

Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

Medical/Vision, Dental, Retirement and Paid Time AwayLife Insurance and DisabilityMerchandise Discount and EAP Resources

A few more important points...

The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

Nordstrom conducts background checks and considers qualified applicants with criminal histories in a manner consistent with all legal requirements.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com. 

Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ’s for relevant information and guidelines.

© 2022 Nordstrom, Inc  

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Pay Range Details

The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. 
Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.

$191,000.00 - $297,000.00 Annual

This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf