Senior Application Security Engineer
: Job Details :

This range is provided by Nomura. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

$145,000.00/yr - $175,000.00/yr

Job Title: SR Application Security Engineer

Corporate Title: VP

Location: Hybrid in Philadelphia (2-3 Days a week in office).

FULLY REMOTE IS NOT AN OPTION

The pay range for this position at commencement of employment is expected to be between $145,000 and $175,000 year*

Company overview

Nomura is a global financial services group with an integrated network spanning over 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Retail, Wholesale (Global Markets and Investment Banking), and Investment Management. Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com.

Department Overview

Nomura has a robust global Information Security department, members of which are located in all of its major regions, namely Japan, Americas, India, Asia Excluding Japan (AeJ) and EMEA. This role will report directly to the Application Security Lead in New York

Role Overview

We are looking for a talented and experienced professional to join our team as Senior Application Security Engineer with specific focus on DevSecOps, Dynamic Application Security Testing (DAST, UAT), and related activities. In this role, you will part of a team leading the design, development, and implementation of robust and scalable application security solutions to protect Nomura's critical assets. This role is technical and hands-on and requires a deep understanding of application security practices (SAST, SCA, DAST) and generally the secure software development lifecycle (SDLC). It requires the development and implementation of processes, policies, standards, and solutions in collaboration with the Global Heads of Information Security and key stakeholders (e.g., Technology, business, legal, HR, compliance). You will play a key role in shaping our information security strategy and ensuring the resilience and effectiveness of application security solutions.

Key Responsibilities

• Drive innovation in DevSecOps security automation across a global enterprise environment, implementing cutting-edge solutions and best practices
• Build out and maintain robust Dynamic Application Security Testing Practice, including
• Manage and Deploy our DAST tool
• Support onboarding and scanning of business applications and related processes
• Validate scans and risk-assess findings (triage, attribution)
• Read out findings to developers and advice on remediation
• Lead strategic partnerships with Application Security development teams to:
• Drive adoption of security best practices
• Implement robust security practices throughout the application lifecycle
• Foster collaborative relationships with key stakeholders to ensure:
• Alignment with industry security standards
• Compliance with regulatory requirements
• Implementation of robust security frameworks
• Adherence to governance protocols

Skills, experience, qualifications and knowledge required

• Master's or Bachelor's degree in Computer Science, Information Technology, or related fields
• 5+ years of proven information security experience, including expertise in:
• Dynamic Application Security Testing
• Static Application Security Testing
• Software Component Analysis
• OWASP and application security weakness remediation
• Interest in implementing application security principles and secure Software Development Life Cycle (SDLC) practices in a large, global enterprise
• Strong background or keen interest in security frameworks including:
• NIST Cybersecurity Framework (CSF)
• SANS security guidelines
• OWASP security practices
• Professional security certifications preferred and interest in pursuing certifications as part of professional development
• Certified Information Systems Security Professional (CISSP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Outstanding analytical and problem-solving capabilities with proven project management experience
• Exceptional interpersonal skills with demonstrated ability to communicate effectively across diverse teams and stakeholder groups

“Base pay offered may vary depending on multiple individualized factors, including market location, corporate and functional title and duties, job-related knowledge and advanced degrees, skills, and experience. The total compensation package for this position may also include other elements, including a sign-on bonus, restricted stock units, and discretionary awards in addition to a full range of medical, financial, and/or other benefits (including 401(k) eligibility and various paid time off benefits, such as vacation, sick time, and parental leave), dependent on the position offered. Details of participation in these benefit plans will be provided if an employee receives an offer of employment.

If hired, employee will be in an “at-will position” and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors”.

Nomura is an Equal Opportunity Employer

Seniority level

• Seniority levelMid-Senior level

Employment type

• Employment typeFull-time

Job function

• Job functionInformation Technology
• IndustriesFinancial Services, Investment Banking, and Capital Markets

Referrals increase your chances of interviewing at Nomura by 2x

Inferred from the description for this job

Medical insurance

Vision insurance

401(k)

Paid paternity leave

Paid maternity leave

Child care support

Disability insurance

Get notified when a new job is posted.

Sign in to set job alerts for “Senior Application Security Engineer” roles.

We're unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr