Information Security Manager - Penetration Testing
Country : USA
State : Washington
County : King County
Town : Seattle
Category : Logistics
Contract type : Permanent
Availability : Full time
Whether you’re a genius engineer, a phenomenal salesperson or a supply chain guru, we invite you to bring your unique talents and join our team. We’ve been on the Fortune™ 100 Best Places to Work list for more than 20 years because we reward great work, promote from within and celebrate diversity.
Our values are the core of who we are. They inspire our employees, delight our customers and bring our business to life every day.
Managers within Technology at Nordstrom help create an inspiring workplace where talented people are empowered to drive amazing customer experiences and business results. Through broad industry and practice knowledge and hands-on technical management experience, the Manager guides a team of professionals to execute strategy and tactics that deliver desired results.
- Lead and mature the Penetration Testing team as they perform assessments against Nordstrom and third-party infrastructure and systems, report out findings, and work with partner teams where necessary to recommend appropriate mitigation.
- Work closely with the internal compliance team to ensure our scanning, testing, and reporting efforts are performed in support of compliance efforts.
- Lead the implementation of a red teaming strategy to analyze security threats and potential impacts to quantify risk to the organization.
- Identify and recommend appropriate measures to manage and remediate discovered or potential vulnerabilities, providing guidance to partner teams.
- Provide leadership and coaching including technical and personal development for team members.
- Guide the team's technical direction by defining the technical and business requirements for threat & vulnerability management solutions
- Assist in enhancing department vision and strategies to support company goals and receive guidance from more senior leaders
- Develop comprehensive solutions and plans with a demonstrated bias toward problem-solving
- Analyze information and make informed recommendations to influence decisions
- Recognize talent and build effective, motivated, and diverse teams that can deliver swiftly and predictably, adjusting in an agile fashion to deliver solutions aligned with business needs
- Establish a positive work environment conducive to collaboration and teamwork while motivating individuals and the team to deliver measurable results
- Ensure team(s) has the tools, resources, and information they need to be successful
- Strategize with leadership to overcome potential stumbling blocks and resistance
- Execute strategy/tactics to deliver desired results
- Clear understanding of the department and how the teams engage with other areas of the organization
- Demonstrate technical depth within the team and within the discipline
- Drive the capability roadmap and understand, align, and communicate the organizational goals/strategy to the team
- Demonstrate a solid understanding of the latest industry trends
- Effectively listen, process and take appropriate action
- Facilitate the discussion of conflicting issues between individuals and groups
- Demonstrate a positive mindset, high levels of character and integrity, and a keen awareness of continuous improvement
- Understand how team efforts are aligned with organizational objectives and priorities
- Advise and collaborate with others on security strategy to develop strong, positive working relationships across all levels of the organization to drive the success of projects and efforts
- Adjust positively to quickly-changing priorities and shifting goals
- Listen to and embrace ideas and insights from others to find better solutions
- Minimum of 5 years of experience with penetration testing and preferably two years leading teams
- Minimum of 2 years of direct experience with common penetration testing and vulnerability management tooling
- Experience with various application attack vectors, security test processes and strong knowledge of common vulnerabilities (e.g. OWASP Top 10)
- Demonstrate curiosity and the ability to write well in at least one programming language and to code effectively in a scripting language.
- Must have good technical communication skills (both written and verbal) and the ability to effectively communicate to anyone in the organization, paired with good analytical and problem-solving skills
- Desirable certifications include: OSCP, GPEN, GXPN, OSCE
- Self-directed, with the ability to work alone or in teams, with minimal oversight.
- Bachelor's degree in a computer science-related discipline is nice to have.