Lead Information Security Analyst

Key objectives critical to success

We are looking for a talented and experienced professional to join our team as an Application Security Software Engineer with specific focus on DevSecops automation and innovation.  In this role, you will part of a team leading the design, development, and implementation of robust and scalable application security solutions to protect Nomura’s critical assets. This role is technical and hands-on and requires a deep understanding in application security, DevSecOps practices, and secure software development lifecycle (SDLC). It requires the development and implementation of processes, policies, standards, and solutions in collaboration with the Global Heads of Information Security and key stakeholders (e.g., Technology, business, legal, HR, compliance). You will play a key role in shaping our information security strategy and ensuring the resilience and effectiveness of application security solutions.

Key Responsibilities

• Enable DevSecOps security automation and innovation in a global enterprise.
• Define, architect, implement, and maintain software services that integrate with our SDLC toolchain to support application security related activities.
• Create libraries and documentation that help our developers to benefit from secret and certificate management services.
• Partner closely work with our Application Security and DevSecOps engineers to develop solutions that are considering both development and security requirements.
• Automate data collection and for security status reporting to developers, application owners, business owners, and leadership.
• Stay current on emerging technologies, trends, and threats in the field of application security, including managing risks related to AI, Blockchain, Cloud etc.
• Collaborate with internal and external stakeholders to ensure alignment with industry standards, regulatory requirements, and compliance frameworks.

Skills, experience, qualifications and knowledge required

• Bachelor's degree in Computer Science, Information Technology, or related field; Master's degree preferred.
• Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), or Certified Information Security Manager (CISM) certification is preferred, interest in pursuing certifications is a must.
• Proven ability to develop Spring Boot Java applications in an enterprise environment, including writing unit test (using Junit, Mockito) is a must and will be tested during interviews.
• Experience with Spring Data, Spring Rest, JSON etc. and developing with Python 3 preferred.
• Familiarity with application security, secure coding, and related secure SDLC practices.
• Minimum of 5-8 years of experience in information security, with a focus on application security.
• Strong knowledge of security technologies, protocols, and frameworks, such NIST CSF, SANS, and OWASP.
• Excellent analytical, problem-solving, and project management skills.
• Strong communication and interpersonal skills to collaborate with diverse teams and stakeholders.

Right to Work 
 

Diversity & Inclusion  

Nomura is an equal opportunity employer. We value diversity and are committed to ensuring we best reflect the diversity of the communities we serve creating an inclusive environment for all our employees. We welcome all applications and do not discriminate on the basis of age, disability, gender identity and gender expression, pregnancy and maternity, marriage and civil partnership, race, religion or belief, sex or sexual orientation.  

If you require any assistance or reasonable adjustments due to a disability or long-term health condition, please do not hesitate to contact us.