• Lead the implementation, assessment, and continuous improvement of security controls aligned with NIST SP 800-171 and CMMC 2.0, ensuring organizational readiness for Level 2 certification. • Own and maintain the System Security Plan (SSP), Plans of Action and Milestones (POA&M), security policies, procedures, and compliance documentation. • Map and protect Controlled Unclassified Information (CUI) throughout its lifecycle, including data flows across engineering design (CAD/CAM), procurement, quality, manufacturing, and external suppliers. • Serve as the primary liaison for CMMC assessments, including coordination with C3PAOs, audit preparation, artifact management, and remediation tracking. • Implement and monitor security controls across both IT and OT environments, including identity and access management, multi-factor authentication, encryption, endpoint detection and response (EDR), SIEM, firewalls, and network segmentation. • Conduct vulnerability scanning, risk assessments, and gap analyses against NIST SP 800-171 controls, prioritizing mitigation efforts based on operational and contractual risk. • Lead cyber incident response activities, including documentation and reporting of incidents impacting CUI within required DFARS timelines (e.g., 72-hour reporting). • Partner cross-functionally with engineering, operations, quality, and leadership to embed cybersecurity into product development and manufacturing processes. • Oversee relationships with managed service providers (MSPs), cloud providers, and external security vendors to ensure secure configurations and regulatory compliance. • Develop and deliver practical cybersecurity training tailored to aerospace manufacturing personnel, including phishing awareness, secure technical data handling, and CUI best practices. • Establish compliance dashboards and executive reporting mechanisms to provide visibility into security posture and remediation progress. • Support and secure cloud environments, including Microsoft GCC High or Azure Government, where applicable.

Title: Senior Manager, Application Security (Hybrid - Seattle) Location: Seattle, WA Job Description: Job Description We are seeking an experienced and strategic Senior Manager of Application Security to lead our application security team. This role is responsible for building and maturing our application security program, embedding security throughout the software development lifecycle (SDLC), and ensuring that Nordstrom’s applications and APIs are protected against evolving threats. The ideal candidate will drive technical strategy for application security tooling, scale secure-by-design practices, and lead initiatives to integrate security seamlessly into engineering workflows while building a high-performing AppSec team. You will partner closely with product engineering, platform, and DevOps teams to deliver security at the speed of development. The right leader will bring an AI-first mindset and a proven ability to enable their team to embrace and leverage AI in their day-to-day work. Key Responsibilities: Strategic Leadership & AppSec Program Vision - Develop and execute a strategic roadmap for application security across the SDLC, including secure code review, SAST/DAST/SCA tooling, API security, secrets management, and developer security enablement. - Champion an AI-first approach to application security, identifying opportunities to leverage AI for vulnerability detection, code analysis, threat modeling automation, and developer guidance. - Drive a shift-left security strategy, embedding security practices early in the development lifecycle and reducing time-to-remediation for application vulnerabilities. - Create multi-quarter implementation plans for maturing the AppSec program, including bug bounty expansion, penetration testing cadence, and security champions growth, aligned with enterprise security and engineering objectives. - Identify and prioritize application security investments based on threat intelligence, vulnerability trends, business risk, and the evolving attack surface of Nordstrom’s web, mobile, and API ecosystem. - Establish meaningful AppSec metrics that demonstrate program maturity and business value, such as mean time to remediate (MTTR), vulnerability density trends, security debt reduction, and developer security training completion. - Partner with security leadership to translate organizational security strategy into actionable platform implementation plans. Program Management & Technical Execution - Lead the design, implementation, and lifecycle management of application security tooling including SAST, DAST, SCA, IAST, secrets detection, API security testing, and developer security training platforms. - Oversee RFP processes and technical evaluations for AppSec tooling, ensuring selected solutions integrate into CI/CD pipelines and developer workflows with minimal friction. - Own the application penetration testing program, including scoping, vendor management, internal red team coordination, and ensuring findings are tracked to remediation. - Establish and maintain application security standards, secure coding guidelines, threat modeling practices, and architectural review processes across engineering teams. - Build and scale a Security Champions program that embeds security awareness and accountability within engineering squads, reducing reliance on centralized security reviews. - Partner with engineering, DevOps, and platform teams to integrate security gates into CI/CD pipelines, ensuring automated scanning and policy enforcement at every stage of the build and deploy process. - Lead application security incident response for vulnerabilities and exploits targeting Nordstrom’s applications, driving rapid triage, root cause analysis, and durable remediation in partnership with the SOC and engineering teams. Team Leadership & Development - Build, lead, and mentor a diverse team of application security engineers spanning offensive security, secure code review, AppSec tooling, and developer enablement functions. - Establish team structure that balances proactive security engineering (tooling, automation, secure design) with reactive functions (vulnerability management, security reviews, and incident support). - Create individual development plans that align with team members’ career aspirations and organizational needs. - Implement performance management frameworks that recognize achievements and address development areas. - Foster a collaborative culture that encourages knowledge sharing, continuous learning, partnership, and innovation. - Identify and develop emerging leaders within the team to build succession pipelines. - Foster a culture of AI adoption by modeling an AI-first mindset, enabling experimentation, and integrating AI tools into team workflows. - Promote inclusive team practices that value diverse perspectives and approaches. Stakeholder Management & Cross-Functional Collaboration - Build strategic partnerships with engineering managers, directors, product managers, and platform leads to ensure security is embedded in product decisions and the engineering culture, not bolted on. - Represent application security needs in cross-functional initiatives, architecture review boards, and steering committees, advocating for secure-by-default standards across Nordstrom’s technology ecosystem. - Communicate complex security concepts effectively to both technical and non-technical audiences. - Negotiate and manage dependencies with engineering teams to prioritize vulnerability remediation, ensuring AppSec findings are tracked in product backlogs and addressed within agreed SLAs. - Collaborate with governance, risk, and compliance teams to ensure application security practices satisfy regulatory requirements (e.g., PCI-DSS, SOX) and align with industry standards such as OWASP SAMM and BSIMM. - Partner with the SOC and incident response teams to ensure application-layer detections, WAF rules, and threat intelligence are incorporated into AppSec tooling and response playbooks. - Advocate for application security requirements in enterprise architecture decisions, third-party integrations, and technology standards to ensure secure design is a first-class consideration. Required Qualifications - Bachelor’s degree in Computer Science, Information Security, or related field—or equivalent practical experience. - 8+ years of experience in information security or cybersecurity with a strong focus on application security, secure software development, or offensive security. - 3-5 years of experience in security management or technical lead roles, with a track record of building and leading high-performing AppSec or product security teams. - Deep understanding of application security principles, including the OWASP Top 10, secure SDLC methodologies, threat modeling (e.g., STRIDE), API security, and web application attack techniques and defenses. - Proven experience deploying and scaling AppSec tooling (SAST, DAST, SCA, secrets detection) within CI/CD pipelines in large, distributed engineering organizations. - Strong knowledge of application security frameworks and maturity models (e.g., OWASP SAMM, BSIMM, NIST SSDF) and how to apply them to build a measurable, risk-based AppSec program. - Excellent leadership, strategic thinking, and communication skills. - Demonstrated AI-first mindset with experience adopting AI tools and enabling teams to integrate AI into their work. - Proven ability to translate complex application security risk into developer-friendly guidance, actionable remediation advice, and business-aligned risk decisions. Preferred Qualifications - Master’s degree in a relevant field. - Experience securing cloud-native applications and microservices architectures, including container security, serverless functions, and cloud-native API gateways (AWS, Azure, or GCP). - Familiarity with AI-powered application security tools such as AI-assisted code review, LLM-based vulnerability analysis, or AI-enhanced DAST/fuzzing platforms. - Relevant industry certifications (e.g., CSSLP, GWEB, GWAPT, OSCP, CISSP, or equivalent offensive/AppSec-focused credentials). - Hands-on experience with AppSec tools such as Semgrep, Checkmarx, Veracode, Snyk, Burp Suite Pro, or comparable SAST/DAST/SCA platforms. - Understanding of retail or e-commerce application security challenges, including payment security (PCI-DSS), fraud prevention, account takeover (ATO) defenses, and securing high-volume customer-facing APIs. - Experience building or scaling a Security Champions program or developer security training initiatives within a large engineering organization. - Background in software engineering or development — candidates who have written production code and understand the developer experience bring a meaningful advantage to this role. Why Join Us - Lead a high-visibility function that directly shapes the security posture of one of the largest retail technology organizations in the country, protecting customer data and business-critical applications at scale. - Drive a modern, developer-centric approach to application security — building a program where security accelerates engineering rather than slowing it down. - Join an innovative retailer that has embraced the responsible use of AI across our workplace and products, with the opportunity to shape how AI evolves our security capabilities. - Work with a talented and diverse team of security professionals dedicated to protecting our customers and brand. - Opportunity to build and scale a best-in-class AppSec program from the ground up, with the authority and resources to make lasting impact on how Nordstrom develops and ships secure software. - Competitive compensation and benefits package. - Collaborative, inclusive work environment that values professional growth and development. We’ve got you covered… Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including: - Medical/Vision, Dental, Retirement and Paid Time Away - Life Insurance and Disability - Merchandise Discount and EAP Resources A few more important points... The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job. For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site. Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com. Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ’s for relevant information and guidelines. © 2022 Nordstrom, Inc Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs. Nordstrom keeps job postings open for at least one day after the posting date. Pay Range Details The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience. $191,000.00 - $297,000.00 Annual This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf

Job DetailsLevel: ExperiencedJob Location: Beavercreek Office - Beavercreek, OH 45431Position Type: Full TimeTravel Percentage: Up to 10%Why Sabel Systems Sabel Systems Technology Solutions, LLC is a digital engineering and Defense technology partner helping organizations simplify complexity and improve mission outcomes through secure, scalable solutions across the lifecycle. Our people-first culture blends large-business opportunity with small-business agility, enabling us to deliver high-impact, secure solutions, rapidly while investing in our people’s growth and success. You will be joining a dynamic and highly motivated team with one shared goal: “Get quality and secure solutions in the customers’ hands as soon as possible.” Why This Roles Matters This individual will focus on policy development, security control implementation, network traffic analysis, and maintaining DoD cyber governance and compliance. The position will also be responsible for business development in the cybersecurity field. The ideal candidate will be a highly skilled cybersecurity professional with a proven track record as a highly technical ISSM. This role requires excellent policy and technical knowledge, attention to detail, and the ability to collaborate effectively with other IT and security teams. A minimum of an active Department of Defense Top Secret clearance is necessary for this position. What You'll Do Cyber Risk Management Provide in-person and/or remote/hybrid developed solutions to the customer’s cybersecurity requirements. Develop appropriate policy in accordance with DoD regulations and industry best practices. Conduct compliance scans as dictated by the customer. Conduct vulnerability scans on a weekly basis in accordance with DAF TASKORDS and DoD regulations. Assist engineering staff with design changes. Participate in change control boards as a voting member. Stay updated with the latest DoD regulations, emerging cybersecurity trends. Develop and implement custom detection techniques to identify new and emerging threats. Report findings to stakeholders and assist in the creation of actionable security recommendations. Collaborate with SOC analysts and incident response teams to investigate, remediate, and escalate security incidents. Governance & Compliance Enforce standardized cyber certification and sustainment processes. Prepare products for audits and customer reviews. Develop risk metrics and regularly report to leadership. Support pre-sales cyber posture discussions. Tools Used RMF / GRC tools (eMASS or equivalent) Vulnerability scanning tools GitLab, Nexus, SonarQube, Grafana dashboards Secure documentation repositories Job Qualifications Required Qualifications US Citizen Active DoD Top Secret clearance Bachelor’s degree in Cybersecurity, Engineering, or related field 10+ years experience in cybersecurity with a heavy focus on RMF 7+ years Systems administration experience Hands-on ATO experience in DoD Strong communication and documentation skills Certifications such as CISSP, CISM Preferred Qualifications Leadership skills Strong skills writing policies and procedures Extensive experience working with RMF and differing Authorizing Official (AO) offices for authorization assessments and approvals Gov cloud and technical cloud security experience Certifications such as ITIL or Project+ Minimum Qualifications To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the minimum knowledge, skill, and/or ability required. Strong analytical and organizational skills Process improvement skills Ability to manage multiple products concurrently Professionalism, integrity, and ownership Able to work remotely Work Location This is a full-time, fully remote opportunity, available to candidates residing in the U.S. Candidates must be available to support Eastern Standard business hours with up to 10% additional travel to support customer events. Our Core Values Bias for Action: Decisive. Purposeful. Agile. We move with the speed of relevance to drive impact and progress. Integrity: Respect. Ethics. Transparency. We do what’s right and earn lasting trust. Delivery Excellence: Customer-obsessed. Mission-focused. Quality-driven. We deliver innovative outcomes that exceed expectations. Our EVP Promise Join Sabel Systems, where your contributions drive impact, your growth is continuously supported, and your well-being is at the center of how we work—so together, we can build the future with purpose. “Rewarding Impact. Building Futures Together.” Compensation Compensation will be determined in partnership with the Hiring Manager and may vary based on factors such as contract and labor category alignment, relevant experience, skills, education, certifications or licenses, and geographic location. Sabel Systems is committed to offering all employees a competitive benefits and compensation package that is comprehensive enough to meet their goals and needs. Our employees are our most valuable asset, and one of Sabel Systems largest financial investments is our benefits program. As a valued member of the organization, employees are provided with a host of benefits to include healthcare; financial assistance in the event of illness, injury, disability, loss of work, or death; health savings accounts; retirement plans; paid time off; paid holidays; education and training program reimbursement, to name a few. Equal Employment Opportunity Sabel Systems is an equal opportunity employer. Our hiring decisions are based solely on qualifications, merit, and business need. We prohibit discrimination and harassment of any kind across all employment practices within our organization. Sabel Systems participates in the E-Verify Employment Verification Program. Reasonable Accommodation Sabel Systems is committed to providing equal employment opportunities and ensuring an accessible application process for all candidates. Applicants with disabilities who require reasonable accommodation to participate in the application or interview process are encouraged to contact us at recruiting@sabelsystems.com for assistance.

Seeking a Technical DR consultant for a remote opening Top Skills' Details Disaster Recovery Planning & Testing – supporting coordination of DR exercises, reviewing procedures, and validating data in recovery processes. Technical DR Knowledge – Understanding backup, replication, recovery technologies, system dependencies, and RTO/RPO. Conducting conversations with technical owners to complete plans. Communication & Coordination – Translating technical risks into business impact and working across technical teams, leadership, and MSPs. ServiceNow - must have experience navigating and gathering DR data Description Supports the review, coordination, and approval of disaster recovery plans and related processes to help ensure the security and integrity of company data, databases, information systems, and technology. Supports enterprise disaster recovery exercises and validation activities by partnering with technical subject matter experts, application owners, infrastructure teams, and business stakeholders. Supports and maintains overall disaster recovery execution plans, including understanding system dependencies and interdependencies across technologies. Documents disaster recovery exercises and assists with consolidating and reporting results to senior management. Drives the updates and maintenance for disaster recovery runbooks for core business technologies in collaboration with responsible technology teams. Supports risk and impact and system impact analysis activities to help identify critical systems and technologies required to support continued operations during a disruption. Supports the translation of deficiencies identified during DR exercises into business relevant risk information, enabling stakeholders to assess exposure and define compensating controls. Participate in assessments of the impact of potential technology service disruptions (on premise and hosted), including supporting disaster declaration and DR plan activation activities as required. Supports program status communications, including inputs for internal leadership, regulators, auditors, and customers, such as annual reporting, audit responses, and customer inquiries. Develops, maintains, and supports delivery of disaster recovery training, procedures, documentation, and communications across the organization. Performs additional disaster recovery–related duties as assigned. Understanding of enterprise DR architectures across on premise, hosted, and cloud environments. Familiarity with backup, replication, and recovery technologies and how they are validated through testing. Ability to interpret system dependencies, recovery sequencing, and recovery timelines. Working knowledge of DR runbooks, testing methodologies, and validation evidence. Awareness of how RTO/RPO objectives translate to technical recovery capabilities and business risk. Skills: Proven experience supporting and coordinating enterprise IT disaster recovery exercises in a multi site environment, with hands on involvement in recovery testing, validation activities, and post exercise analysis across infrastructure, applications, and services. Strong understanding of disaster recovery architectures and recovery technologies, including backup, replication, restore, and recovery mechanisms supporting on premise, hosted, and cloud based workloads. Solid technical knowledge of enterprise infrastructure components relevant to disaster recovery, including storage platforms, backup and recovery systems, networking concepts, and system dependencies that impact recoverability. Working knowledge of security concepts as they relate to disaster recovery, including incident response alignment, secure recovery practices, access controls during recovery events, logging, monitoring, and infrastructure security considerations. Demonstrated knowledge of industry best practices for IT Disaster Recovery planning and testing, including alignment with applicable ISO standards such as ISO 27001, ISO 22301, ISO 19011, and ISO 22316. Ability to support and interpret recovery objectives (RTO/RPO), system impact analyses, and technical recovery constraints, and to translate technical findings into business relevant DR risk insights. Strong project coordination and organizational skills, with the ability to support multi threaded DR initiatives, manage deliverables, track dependencies, and align activities to defined plans, schedules, and testing cycles. Strong analytical and problem solving skills, with the ability to assess technical recovery issues, identify gaps, and support remediation discussions with technology teams and service providers. Effective communication skills, with the ability to convey technical DR concepts and test outcomes clearly to a broad audience, including technical teams, leadership, auditors, regulators, vendors, and external partners. Skills disaster recovery, coordination Additional Skills & Qualifications Typically a minimum of seven years of related Information Technology experience Crisis management coordination and experience is a plus Applicable certifications preferred (Disaster Recover Certified Specialist (DRCS), Certified Business Continuity Professional (CBCP), Project Management Professional (PMP), etc.) Job Type & Location This is a Contract position based out of Chicago, IL. Pay and BenefitsThe pay range for this position is $45.00 - $55.00/hr. Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following: • Medical, dental & vision • Critical Illness, Accident, and Hospital • 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available • Life Insurance (Voluntary Life & AD&D for the employee and dependents) • Short and long-term disability • Health Spending Account (HSA) • Transportation benefits • Employee Assistance Program • Time Off/Leave (PTO, Vacation or Sick Leave) Workplace TypeThis is a fully remote position. Application DeadlineThis position is anticipated to close on Apr 30, 2026. h4>About TEKsystems: We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company. The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law. About TEKsystems and TEKsystems Global Services We’re a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We’re a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We’re strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We’re building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com. The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.