Senior Application Security Engineer

Job title: Senior Application Security Engineer

Corporate Title: Vice President

Department: Risk Management

Location: New York

The pay range for this position at commencement of employment is expected to be between $145,000 and $175,00//year*

Company overview

Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative soluti ons and considered thought leadership. For further information about Nomura, visit .

Aon's Benefit Index , Nomura's benefits rank #1 amongst our competitors

Department overview :

Nomura has a robust global Information Security department, members of which are located in all of its major regions, namely Japan, Americas, India, Asia Excluding Japan (AeJ) and EMEA. This role will report directly to the Application Security Lead in New York.

Role Overview

We are looking for a talented and experienced professional to join our team as Senior Application Security Engineer with specific focus on DevSecOps, Dynamic Application Security Testing (DAST, UAT), and related activities. In this role, you will part of a team leading the design, development, and implementation of robust and scalable application security solutions to protect Nomura's critical assets. This role is technical and hands-on and requires a deep understanding of application security practices (SAST, SCA, DAST) and generally the secure software development lifecycle (SDLC). It requires the development and implementation of processes, policies, standards, and solutions in collaboration with the Global Heads of Information Security and key stakeholders (e.g., Technology, business, legal, HR, compliance). You will play a key role in shaping our information security strategy and ensuring the resilience and effectiveness of application security solutions.

Key Responsibilities

• Drive innovation in DevSecOps security automation across a global enterprise environment, implementing cutting-edge solutions and best practices
• Build out and maintain robust Dynamic Application Security Testing Practice, including
• Manage and Deploy our DAST tool
• Support onboarding and scanning of business applications and related processes
• Validate scans and risk-assess findings (triage, attribution)
• Read out findings to developers and advice on remediation
• Lead strategic partnerships with Application Security development teams to:
• Drive adoption of security best practices
• Implement robust security practices throughout the application lifecycle
• Establish security-first development methodologies
• Foster collaborative relationships with key stakeholders to ensure:
• Alignment with industry security standards
• Compliance with regulatory requirements
• Implementation of robust security frameworks
• Adherence to governance protocols

Skills, experience, qualifications and knowledge required

• Master's or Bachelor's degree in Computer Science, Information Technology, or related fields
• 5+ years of proven information security experience, including expertise in:
• Dynamic Application Security Testing
• Static Application Security Testing
• Software Component Analysis
• OWASP and application security weakness remediation
• Interest in implementing application security principles and secure Software Development Life Cycle (SDLC) practices in a large, global enterprise
• Strong background or keen interest in security frameworks including:
• NIST Cybersecurity Framework (CSF)
• SANS security guidelines
• OWASP security practices
• Professional security certifications preferred and interest in pursuing certifications as part of professional development
• Certified Information Systems Security Professional (CISSP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Outstanding analytical and problem-solving capabilities with proven project management experience
• Exceptional interpersonal skills with demonstrated ability to communicate effectively across diverse teams and stakeholder groups

*base pay offered may vary depending on multiple individualized factors, including market location, corporate and functional title and duties, job-related knowledge and advanced degrees, skills, and experience. The total compensation package for this position may also include other elements, including a sign-on bonus, restricted stock units, and discretionary awards in addition to a full range of medical, financial, and/or other benefits (including 401(k) eligibility and various paid time off benefits, such as vacation, sick time, and parental leave), dependent on the position offered. Details of participation in these benefit plans will be provided if an employee receives an offer of employment.

If hired, employee will be in an at-will position" and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors".

Nomura is an Equal Opportunity Employer

Nearest Major Market: Manhattan
Nearest Secondary Market: New York City