Application Security Architect
Application Security Architect
- Location: Swindon Head Office, South West England
- Salary: Competitive
- Contract Type: Permanent
- Ref: R002801013
- Closing Date: 31 December 2099
We’re looking for a Security Architect to help us define and deliver the security architecture we require in the digital age.
• Based at our Head Office in Swindon, but with flexibility to work from home for up to two days per week – dependent on delivery pressures
• Salary Competetive dependent on skills and experience and includes a competitive benefits package
• Permanent opportunity, 35 hours a week
Nationwide is the world’s largest building society, one of the largest savings providers and one of the top three mortgages providers in the UK. At Nationwide our values are underpinned by the need to put our customers first. This is a driving force in every area of our business, making it an essential requirement if you’d like to work for us.
IT Strategy and Architecture is a vibrant and growing department within the Operations and Delivery community of Nationwide with a challenging mandate to architect and ensure the delivery of effective, manageable, innovative and pragmatic solutions across a range of portfolios for business and technology transformation.
Who we're looking for
The successful applicant will be a credible person armed with both a depth and breadth of experience in Enterprise Security Architecture (ESA) and have a practical knowledge of security reference architecture.
The applicant must also be able to demonstrate the use and working knowledge of the NIST Cyber Security Framework. Mapping and translating the NIST cyber Security Controls framework to other frameworks such as ISF and CIS.
In addition to demonstrating ability to translate NBS security specific data and strategic knowledge into artefacts within tight deadlines. The candidate must have exceptional documentation/presentation pack skills, which are needed to create and update ESA artefacts on an ongoing basis, at pace.
Furthermore, the successful candidate must have demonstrable stakeholder management and influencing skills up to the senior executive level, the successful applicant will also exhibit exemplary communication and collaboration skills. At Nationwide, Security Architects are expected to have the drive to develop both themselves and their colleagues, as well as helping to evolve the architectural function within Nationwide.
The applicant will have the ability and desire to quickly comprehend the functions, capabilities and benefits of security reference architecture, principles and technologies to support and help drive the ESA Architecture across Nationwide.
As a Minimum Requirement the Successful Applicant Will Have
Ability to build strong working relationships with both business and technical stakeholders to define comprehensive Architecture and Design solutions. The successful candidate will be able to champion Architecture through to delivery.
Experience designing, developing and deploying ESA solutions and liaising with key stakeholders including partners, vendors and wider technology community.
• A strong knowledge and understanding of the current application threat landscape (including OWASP Top 10, SANS Top 25 etc.) as well as the application security architecture domain best practices.
• A strong knowledge and understanding of the Secure Software Development Lifecycle /DevSecOps including domain best practices such as threat modelling, secure/defensive coding, static application security testing, dynamic application security testing, application security automation etc.)
• Strong experience of application security around microservices, containerization, API and cloud security automation and orchestration technologies (Docker, OpenShift, Kubernetes, CI/CD/, Jenkins).
• Knowledge of Frameworks, knowledge domain specific frameworks including BSIMM, OWASP SAMM, SABSA, TOGAF, NIST, ISF, CIS, CCM, CSA, OSA and MODAF.
• Demonstrate the ability to prepare and deliver presentations to key senior stakeholders on architectural approaches strategy and methodology.
• Proficient in collaboration tools (including JIRA, Visual Studio Team Services, Confluence, Bitbucket, Git etc) and excellent communication and interpersonal skills.
It would also be desirable for the successful candidate to have two or more of the following:
• Demonstrable experience/knowledge of OAuth 2.0, OpenID Connect, XACML, SCIM, Application DDoS, IDaAM, DLP, etc.
• Demonstrable experience/knowledge of software development methodologies including Agile-Scrum, Agile-Kanban, Waterfalls etc.
• Proven experience with driving formal product evaluations.
• Implementation and architecture experience with off-the-shelf, customizing, and solution build projects.
What you'll be doing
Working within our Enterprise Security Architecture team, the successful applicant will support the App. Sec. Lead in defining the security architecture solutions for major programmes and projects.
This is a high-profile role for self-starters and the successful candidate will be expected to support the delivery of security solutions in a challenging, fast paced project delivery environment.
As a significant investor in IT, there will be opportunities to work with suppliers and technology at the cutting-edge of cyber security, and the role contains an element of strategy.
Specifically, a Security Architect is required to
• Work closely with other architects to understand and deliver the agreed strategic outcomes for the security architecture function.
• Ensure solution integrity throughout the change lifecycle on projects and programmes
• Ensure that all solutions are fit for purpose, implementable, complete and align with maturing security strategies and standards
• Support our significant transformation agenda including a major cyber security programme and our digital roadmap
• Support our procurement process to identify and evaluate solution suppliers and future partners
• Work closely with our suppliers / partners to support the development of solutions and to also help inform the on-going development of our security roadmap
The extras you'll get
If you put a lot in, it’s only fair you should get a lot out. So, if you help us do the right thing for our customers, we’ll help further your career at Nationwide. As well as your salary, there’s life assurance, a pension and a recognition and rewards scheme. We think it’s a great place to work, and we’re not afraid of giving you praise when you’ve done well.
Work with PRIDE
Why work for us?
At Nationwide we’re here for our members and we put their needs first in everything we do. And now, more than ever, two things are helping us go from strength to strength: we put our customers first, and we’re known for being open, honest and trustworthy.
We’re also the world’s largest building society, with communities at the heart of everything we do. We aim to do the right thing for our members which helps set us apart from our competitors. But we need good people to help us do it. People who understand what we believe in and have the talent and drive to keep us successful.
At Nationwide we have a strong ethic of care, and a genuine concern for each other and our members. We recognise that our employees feel most appreciated when their thoughts and values are respected and considered. We are committed to creating a culture that recognises and truly values our individual differences and identities. If you’d like to be a part of an inclusive workplace where you can be yourself where your talents are nurtured, and you feel empowered to contribute then please apply and help us in building society, nationwide.