Security Engineer

at  Nationwide

The defence of the Society and its members data and money is of critical importance, and as our adversaries evolve, so do we in line with our “threat led” cyber strategy.
Are you working in an IT role and want to help secure technology using your expertise in platforms?
Are you working in a Security Operations role and want to use your insights and knowledge gained from being at the frontline of investigating cyber attacks to help implement security improvements?
Are you working in a penetration testing role and want to help secure technology based on the insights you have gained from finding and exploiting vulnerabilities?
Are you working in a security engineering role and looking to broaden your cyber security skills?
If you have a passion for technology and security, this role in our Attack Surface Operations team provides an exciting opportunity to join a team that we see as playing a critical role in the future of the society.
Our Attack Surface Operations team is a recently established team that is creating an innovative and cutting edge new capability within the Security & Resilience department focussed on managing and reducing our internal and external attack surface against a constantly evolving threat – and in identifying and executing targeted interventions that shift the dial to provide the most reduction in residual risk.
This is an exciting opportunity to join and contribute to our Attack Surface Operations function.
Attack Surface Operations is about applying a threat lens to attack surface information with dedicated ringfenced resource to proactively identify vulnerabilities and weaknesses, and fix issues that have the greatest impact on reducing our risk exposure.
We want our Attack Surface Operations team to grow and foster deep technical expertise in understanding how to securely configure and maintain technology, and in how attackers can exploit organisations attack surface to gain access.
At Nationwide we offer hybrid working wherever possible. More rewarding relationships are supported through our hybrid approach, bringing colleagues together across our UK wide estate, whilst also supporting generous access to home working. We value our time in the office to solve problems, to learn, and to feel connected.
For this job you’ll spend at least two days per week, or if part time you’ll spend 40% of your working time, based at either our or Swindon or London office. If your application is successful, your hiring manager will provide further details on how this works. You can also find out more about our approach to hybrid working here.
If we receive a high volume of relevant applications, we may close the advert earlier than the advertised date, so please apply as soon as you can.

ABOUT YOU

As a minimum, you’ll:

• Have hands on experience of vulnerability management practices or other security disciplines such as Security Operations or Access Management.
• Have knowledge of securing Microsoft or UNIX or networking technologies to industry good practice standards.
• Have working knowledge of the principals of attack surface mapping and remediation.
• Be ready to build good working relationships with both technical and business stakeholders, gaining their respect and trust based on your knowledge and professionalism
• Have excellent communication and interpersonal skills, both written and verbal
• Have the ability and desire to quickly learn new technologies.
• Have a strong understanding of risk management processes and techniques.

Our Customer First behaviours are all about putting customers and members at the heart of how we work together. You can strengthen your application by showing the behaviours that resonate with you, and how you might have already demonstrated these.

• Say it straight - This is about being honest and direct with good intent and saying what needs to be said in the room. It’s also about being clear, precise, and using language that we and, importantly, our customers and members can understand.
• Push for better - This is about aiming high and constantly looking for better in how we work together and serve our customers and members.
• Get it done - This is about prioritising what will have the greatest impact, being decisive and taking accountability for delivering on the end-to-end outcome.

We know applying for jobs can sometimes feel like you’re sending an application into a black hole. We review each application individually. So, it’s a good idea to call out your most relevant experience on your application to give yourself the best chance.

As part of a pro-active team, you will be responsible for identifying and assessing security vulnerabilities that impact Nationwide’s technology estate. This includes tracking issues to remediation, understanding the potential impact and escalating blockers to progress.
You will work with colleagues to enforce security standards across the society to prioritise vulnerability fixes, articulating technical terms into easy to understand language.
You will actively participate in and be accountable for high priority tasks and activities, designed to focus on specific threats to quickly resolve them, minimising the risk to Nationwide’s estate.
You will contribute to regulatory and critical reporting processes, providing assurance that our technology is secure.
A big part of the role is conducting research into new and existing security topics, ensuring that the Attack Surface Operations team are on the front-foot in protecting Nationwide. This keeps your knowledge current, and enables you to continue your own development.