Senior Application Security Engineer

Interested in applying for the Senior Application Security Engineer role at Nomura
, a leader in global banking and financial services.

This position is based in New York, NY, and reports directly to the Application Security Lead.

We are looking for a talented and experienced professional to join our team as Senior Application Security Engineer with specific focus on Dev Sec Ops , Dynamic Application Security Testing (DAST, UAT), and related activities. In this role, you will be part of a team leading the design, development, and implementation of robust and scalable application security solutions to protect Nomura’s critical assets.

The role is technical and hands‑on and requires a deep understanding of application security practices (SAST, SCA, DAST) and generally the secure software development lifecycle (SDLC). You will play a key role in shaping our information security strategy and ensuring the resilience and effectiveness of application security solutions.

• Drive innovation in Dev Sec Ops  security automation across a global enterprise environment, implementing cutting‑edge solutions and best practices.
• Build out and maintain a robust Dynamic Application Security Testing Practice, including managing and deploying our DAST tool.
• Support onboarding and scanning of business applications and related processes.
• Validate scans and risk‑assess findings (triage, attribution).
• Read out findings to developers and advise on remediation.
• Lead strategic partnerships with Application Security development teams to drive adoption of security best practices.
• Implement robust security practices throughout the application lifecycle.
• Foster collaborative relationships with key stakeholders to ensure alignment with industry security standards, compliance with regulatory requirements, implementation of robust security frameworks, and adherence to governance protocols.

• Master’s or Bachelor’s degree in Computer Science, Information Technology, or related fields.
• 5+ years of proven information security experience, including expertise in Dynamic Application Security Testing, Static Application Security Testing, Software Component Analysis, OWASP and application security weakness remediation.
• Strong background or keen interest in security frameworks such as NIST Cybersecurity Framework, SANS security guidelines, OWASP security practices.
• Professional security certifications preferred and a desire to pursue additional certifications.
• CISSP and CSSLP certifications listed as preferred.
• Outstanding analytical and problem‑solving capabilities with proven project management experience.
• Exceptional interpersonal skills with demonstrated ability to communicate effectively across diverse teams and stakeholder groups.

Mid‑Senior level

Full‑time

Information Technology

Banking, Capital Markets, and Financial Services