Job title: Vulnerability Management and Cloud Security/CNAPP Specialist

Corporate Title: Associate

Department: IT Security

Location: Jacksonville

The pay range for this position at commencement of employment is expected to be between $95,000 and $120,000 annually.

Company overview

Nomura is an Asia-based financial services group with an integrated global network spanning over 30 countries. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Retail, Asset Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com

Department overview:

The Information Technology department at Nomura is at the forefront of innovation, driving technology solutions that empower our business and enhance client experiences. We leverage cutting-edge technologies to develop and maintain robust systems and infrastructure, ensuring the security, reliability, and efficiency of our operations. Join our team and be part of a dynamic and collaborative environment that embraces technological advancements to deliver value and drive our digital transformation journey.

Role overview:

Nomura is seeking a skilled Vulnerability Management and Cloud Security/CNAPP Specialist to join our Information Security team. You will play a crucial role in enhancing our vulnerability program with a strong focus on

• Vulnerability Management
• Cloud cybersecurity efforts through Cloud Native Application Protection Platform (CNAPP) management,
• Cloud Security Posture Management (CSPM) policy management, and Cloud Security alert investigation

Role responsibilities:

Vulnerability Management:

• Demonstrate strong proficiency in Vulnerability Management identifying, assessing, prioritizing, and mitigating security vulnerabilities in an organization's IT systems, networks, and applications
• Key responsibilities include performing regular scans, analysing risk levels, coordinating remediation with other teams, and reporting on findings and progress to management.
• This role requires knowledge of operating systems, networks, and vulnerability scoring systems, and the ability to use vulnerability scanning tools.

Cloud Competency:

• Demonstrate very strong understanding of IaaS (AWS) concepts and services including compute workloads (EC2), machine images (AMIs), storage technologies (S3, EBS, EFS, etc.) and IAM permissions.
• Demonstrate strong knowledge of cloud configuration best practices.
• Understand public cloud’s shared responsibility model.

CNAPP and CSPM Proficiency:

• Show proficiency in navigating a CNAPP platform (e.g. Prisma Cloud) and investigating resources.
• Demonstrate proficiency in writing custom CSPM rules for configuration alerting.

Data Proficiency:

• Demonstrate strong proficiency in programming languages, with a focus on scripting and automation for efficient data handling.
• Demonstrate strong proficiency in REST APIs and understanding of Cloud Service Provider API endpoints.

Collaboration:

• Collaborate with cross-functional teams, including security analysts, SOC, and IT professionals, to gather requirements, investigate alerts, and assist with remediation of misconfigurations.
• Collaborate with Architecture teams to custom tune policies to the operating environment.
• Assist teams with understanding the cause of alerts to aid in remediation or identifying false positives.

Continuous Improvement:

• Drive continuous improvement initiatives to enhance the efficiency and effectiveness of reporting processes.

Communication:

• Effectively communicate findings and insights to both technical and non-technical stakeholders.
• Present reports and recommendations to leadership for informed decision-making.

Skills, experience, qualifications and knowledge required:

• Bachelor’s degree in a related field.

• Proven experience with Vulnerability Management tooling

• Proven experience with CNAPP tooling (e.g. Prisma Cloud, Wiz).

• Experience with ITSM and CMDB tooling (e.g. ServiceNow)

• Strong programming skills (e.g. Python, PowerShell).

• Expertise in Cloud Infrastructure

• Excellent communication and collaboration skills.

If you are passionate about vulnerability management, possess strong cloud security, CNAPP, and API skills, and thrive in a collaborative environment, we invite you to apply for this exciting opportunity.

Nomura competencies

Trusted Partner

• Understand clients’ needs and issues, and respond with high-quality proposals
• Acquire capabilities to perform one’s responsibilities and contribute to being a Trusted Partner

Entrepreneurial leadership

• Produce new ideas that might challenge the status-quo or oneself

Teamwork

Collaboration

• Seek advice from senior colleagues and utilize it for improved results
• Collaborate with members from relevant departments

Influence

• Contribute to the success of the organization both quantitatively and qualitatively, and act with awareness of the impact on others
• Serve as role model and provide guidance to junior employees

Integrity

• Have a good understanding of corporate philosophy, professional ethics, compliance, risk management, and code of conduct, and make decisions and take actions accordingly

*base pay offered may vary depending on multiple individualized factors, including market location, corporate and functional title and duties, job-related knowledge and advanced degrees, skills, and experience. The total compensation package for this position may also include other elements, including a sign-on bonus, restricted stock units, and discretionary awards in addition to a full range of medical, financial, and/or other benefits (including 401(k) eligibility and various paid time off benefits, such as vacation, sick time, and parental leave), dependent on the position offered. Details of participation in these benefit plans will be provided if an employee receives an offer of employment.

If hired in the U.S., employee will be in an “at-will position” and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors”.

Nomura is an Equal Opportunity Employer