Lead Application Security Engineer
NASDAQ
As a Lead, Information Security reporting to Senior Director, Information Security, you'll serve as the primary point of contact for information security across a major cloud-based technology project. You'll play a critical role in designing and delivering secure solutions, protecting systems and applications, and supporting regulatory compliance in a fast-paced, high-impact environment.
You'll thrive in this role if you're analytically rigorous, security-focused, and energized by solving complex problems across diverse platforms and global teams.
Key Responsibilities
- Serve as the information security lead for a cloud-based technology project, partnering with cross-functional teams to deliver security-related outcomes.
- Design, develop, and implement information systems security solutions, ensuring vulnerabilities are identified and effectively remediated.
- Conduct security assessments — including penetration testing and ethical hacking — across complex systems, networks, and applications to evaluate and address risk.
- Evaluate and validate software patches and fixes for sophisticated vulnerabilities, including injection attacks, cross-site scripting, and malicious code threats.
- Prepare security risk analysis reports and contribute to response procedures that support governance and regulatory compliance requirements.
Required Qualifications
- Bachelor's degree in Computer Science, Information Systems, or a related field, or equivalent practical experience.
- 10+ years of experience in information security, with demonstrated expertise across on-premise and cloud-based environments.
- Hands-on experience with application security tools including dynamic and static analysis and web application penetration testing.
- Strong ability to assess and communicate security risks across multiple computing platforms of varying complexity.
- Active holder of one or more of the following certifications: CISSP, CISA, CCSP, GIAC (GSEC, GCFW, GCIA, GCIH, GPEN, GCFA, GSLC, GSNA, GISO), or equivalent.
Nice-to-Have
- Experience supporting regulatory compliance in financial services or other regulated industries.
- Familiarity with Google Cloud security architecture and controls.
- Track record of working across matrixed, global organizations on security initiatives.
This position can be located in St. John's, Toronto, or Montreal, and offers the opportunity for a hybrid work environment at least 3 days a week in-office, subject to change, providing flexibility and accessibility for qualified candidates.
Come as You Are
Nasdaq is an equal opportunity employer. We welcome applications from candidates of all backgrounds and identities.
We are committed to fostering an inclusive workplace where diverse perspectives, experiences, and identities are valued and celebrated.
We ensure that individuals with disabilities are provided with reasonable accommodation throughout the hiring process.
What We Offer
We’re proud to offer a competitive rewards package that is meaningful, recognizes the unique needs of our employees and their families and incentivizes employees for their contribution to Nasdaq’s overall success.
The base pay range for this role is $121,000 - $170,000. In addition to base salary, Nasdaq provides a generous annual bonus/commission (short-term incentive), and equity (long-term incentive), comprehensive benefits, and opportunity for growth. Exact compensation may vary based on several job-related factors that are unique to each candidate, including but not limited to: skill set, experience, education/training, business needs and market demands.