Job Title:  Sr. Information Security Analyst

Corporate Title: Associate

Department: Technology

Location: New York

The pay range for this position at commencement of employment is expected to be between $120,000 and $145,000 /year*

Company overview

Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com.

Aon’s Benefit Index®, Nomura’s benefits rank #1 amongst our competitors

Department Overview

Nomura has a robust global Information Security department, members of which are located in all of its major regions, namely Japan, Americas, India, Asia Excluding Japan (AeJ) and EMEA. This role will report directly to the Application Security Lead in New York.

Position Overview

We are looking for a talented and experienced professional to join our team as an Application Security Engineer with specific focus on DevSecOps automation and innovation.  In this role, you will part of a team leading the design, development, and implementation of robust and scalable application security solutions to protect Nomura’s critical assets. This role is technical and hands-on and requires a deep understanding of DevOps practices, high proficiency in Java and Python, and an interest in application security practices and generally the secure software development lifecycle (SDLC). It requires the development and implementation of processes, policies, standards, and solutions in collaboration with the Global Heads of Information Security and key stakeholders (e.g., Technology, business, legal, HR, compliance). You will play a key role in shaping our information security strategy and ensuring the resilience and effectiveness of application security solutions.

Key Responsibilities and Duties:

• Drive innovation in DevSecOps security automation across a global enterprise environment, implementing cutting-edge solutions and best practices
• Design, develop, and maintain robust software services that seamlessly integrate with SDLC toolchain, focusing on:
• Application security enhancement
• Security automation workflows
• Continuous integration and deployment pipelines
• Lead strategic partnerships with Application Security development teams to:
• Drive adoption of security best practices
• Implement robust security practices throughout the application lifecycle
• Establish security-first development methodologies
• Develop and implement automated security reporting systems that provide:
• Shift-left security status updates
• Comprehensive analytics to guide developers
• Strategic insights for application owners
• Executive-level reporting for business stakeholders
• Foster collaborative relationships with key stakeholders to ensure:
• Alignment with industry security standards
• Compliance with regulatory requirements
• Implementation of robust security frameworks
• Adherence to governance protocols
• Maintain expertise in emerging security landscapes, including Artificial Intelligence and Machine Learning, Cloud and Blockchain technologies

Key Skills and Experience

• Master's or Bachelor's degree in Computer Science, Information Technology, or related fields
• 3-5+ years of proven software engineering experience, with expertise in:
• Spring Boot Java application development
• Spring Data and Spring REST implementations
• Python 3 development
• JSON and related technologies
• Junit5 and Mockito frameworks
• Interest in implementing application security principles and secure Software Development Life Cycle (SDLC) practices in a large, global enterprise
• Strong background or keen interest in security frameworks including:
• NIST Cybersecurity Framework (CSF)
• SANS security guidelines
• OWASP security practices
• Professional security certifications preferred and interest in pursuing certifications as part of professional development
• Certified Information Systems Security Professional (CISSP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Outstanding analytical and problem-solving capabilities with proven project management experience
• Exceptional interpersonal skills with demonstrated ability to communicate effectively across diverse teams and stakeholder groups

*base pay offered may vary depending on multiple individualized factors, including market location, corporate and functional title and duties, job-related knowledge and advanced degrees, skills, and experience. The total compensation package for this position may also include other elements, including a sign-on bonus, restricted stock units, and discretionary awards in addition to a full range of medical, financial, and/or other benefits (including 401(k) eligibility and various paid time off benefits, such as vacation, sick time, and parental leave), dependent on the position offered. Details of participation in these benefit plans will be provided if an employee receives an offer of employment.

If hired, employee will be in an “at-will position” and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors”.

Nomura is an Equal Opportunity Employer