Application Security Architect - Engineer

at  Nationwide

You will provide direction and solutions to product owners and delivery teams working on a viariety solutions for both colleagues and members. This will include developing solution overviews and designs, threat models, and architectural patterns.
This opportunity is within the Security Architecture team, and part of Security and Resilience. The team have a challenging mandate to architect, engineer and assure the delivery and consumption of effective and pragmatic security controls as an enabler for innovative solutions across our hybrid on-premises and cloud IT environments. We want your expertise within Nationwide to cement our reputation for always being there when it matters, with services that our members can trust.
At Nationwide we offer hybrid working wherever possible. More rewarding relationships are supported through our hybrid approach, bringing colleagues together across our UK wide estate, whilst also supporting generous access to home working. We value our time in the office to solve problems, to learn, and to feel connected.
For this job you’ll spend at least two days per week, or if part time you’ll spend 40% of your working time, based at either our Swindon, London, Bournemouth, Northampton or Sheffield office. If your application is successful, your hiring manager will provide further details on how this works. You can also find out more about our approach to hybrid working here.
Nationwide is committed to the redeployment of our employees impacted by change, as such applications for redeployment candidates will be prioritised in this recruitment process.

ABOUT YOU

You will have a background in hands on technical roles such as operations, second- or third-line support, engineering, or development. We have several roles and are looking for a variety of candidates with different areas of specialist knowledge to work with different parts of the business. You will be able to show significant prior experience, interest, or aptitude in some of the following areas:

• Application, API, and CI/CD pipeline Security particularly in financial services systems such as payments and Open Banking and Fraud control
• Working with Developers understanding their problems helping find secure solutions
• Assuring and advising on secure systems design
• Creating patterns and other architecture artefacts
• Good knowledge of cryptography
• Threat Modelling using common industry techniques (such as STRIDE, Attack Trees, PnG), and working with a recognised risk framework to evaluate severity and priority.

On a more general level you will have:

• A good general appreciation of enterprise-wide security threats, controls and principles across the above areas
• Experience or aptitude for threat evaluation and documenting enterprise-level architectural solutions that mitigate, or offer a risk aligned roadmap to mitigation. Producing artefacts such as Security designs, patterns, and options papers.
• An appreciation of working with security policy, standards, and security audit findings, and producing them into clear and practical solutions.
• Experience working with and maintaining a security controls coverage and maturity framework (such as NIST CSF, ISO27001, CSA-CCF, MITRE) and enterprise policies and standards.
• Professional qualifications in security and relevant technologies and practices, with a passion for continual improvement
• Experience of people management

Our Customer First behaviours are all about putting customers and members at the heart of how we work together. You can strengthen your application by showing the behaviours that resonate with you, and how you might have already demonstrated these.

• Say it straight - This is about being honest and direct with good intent and saying what needs to be said in the room. It’s also about being clear, precise, and using language that we and, importantly, our customers and members can understand.
• Push for better - This is about aiming high and constantly looking for better in how we work together and serve our customers and members.
• Get it done - This is about prioritising what will have the greatest impact, being decisive and taking accountability for delivering on the end-to-end outcome.

We know applying for jobs can sometimes feel like you’re sending an application into a black hole. We review each application individually. So, it’s a good idea to call out your most relevant experience on your application to give yourself the best chance.

WHAT YOU’LL BE DOING

A Security Solution Architect within Nationwide offers a genuinely ever-changing day-to-day experience. Working closely with technology delivery teams you will help to identify and document the key actors and architectural threats to Nationwide solutions; and where security policy, standards and regulatory requirements apply, communicate in simple and actionable terms what compliance means.
In conjunction with Security and Resilience colleagues you will identify solutions that mitigate threats to within risk appetite and ensure that solution delivery is compliant with security policy, standards, and regulatory requirements.
You will be part of a team managing the technology controls framework ensuring a roadmap for maturity, coverage and effectiveness is maintained. Coherent, repeatable, and practically consumable advice is critical to our efficiency and success, and you will be part of a team responsible for the creation of knowledge artefacts that provide practical thought leadership to our architecture and engineering colleagues.
The members of the team fulfil a number of different roles and you will have the opportunity to use your existing knowledge and develop your skills and expertise between working with teams building critical member facing applications, back-end systems and future initiatives, producing architecture patterns, developing and improving the practices and services offered by the team and potentially people management.

You will have a background in hands on technical roles such as operations, second- or third-line support, engineering, or development. We have several roles and are looking for a variety of candidates with different areas of specialist knowledge to work with different parts of the business. You will be able to show significant prior experience, interest, or aptitude in some of the following areas:

• Application, API, and CI/CD pipeline Security particularly in financial services systems such as payments and Open Banking and Fraud control
• Working with Developers understanding their problems helping find secure solutions
• Assuring and advising on secure systems design
• Creating patterns and other architecture artefacts
• Good knowledge of cryptography
• Threat Modelling using common industry techniques (such as STRIDE, Attack Trees, PnG), and working with a recognised risk framework to evaluate severity and priority