Skip to main content Skip to job search

Application Security Engineer

Application Security Engineer

  • Location: Swindon, London, UK Wide
  • Salary: Competitive
  • Contract Type: Permanent
  • Ref: R002801310
  • Closing Date: 26 August 2019

Job description

Application Security Engineer

Location: Swindon & London


It’s easy to misunderstand what Nationwide is like. Why? Because we’re not like a bank. We’re not like other financial services companies either. As an Application Security Engineer here, you’ll sit within a growing delivery team optimising user and member experience, working at the heart of our IT estate on our Financial Crime and Risk applications

Who we're looking for

You. We hope, anyway. We are looking for an Application Security Engineer with experience in designing for security and secure programming – working as a security engineering subject matter expert across our verity of systems portfolio.

You should have demonstrable experience in aspects of…

• Full appreciation of Software Development Lifecycles and knowledge of Agile and DevSecOps
• Programming languages (.Net, Java, Swift, JavaScript (preferably familiar with React JS)), and their strengths and weaknesses in regard to security and their application (Software development background is beneficial)
• General mobile security concepts (i.e. Secure enclaves, mobile IPC, Sandboxing, Code signing …)
• Application perimeter defence (i.e. Web Application Firewalls)
• API gateway and Service Mesh and their security implications (i.e. APIGEE, ISTIO…)
• Design for security, threat modelling and application security methodologies and frameworks (i.e. Microsoft SDL,OWASP ASVS…)
• Distributed systems security architectures (Microservices, containerisation, container orchestration systems [i.e. K8s], cloud application security concepts…)
• Distributed SQL and NoSQL databases and the concept of eventual consistency and integrity assurance (i.e. Cassandra)
• Authentication and authorisation protocols (i.e. LDAP implementations [i.e. ActiveDirectory], Kerberos, OAuth2.0, OpenID Connect, Attribute Based Access Control (ABAC), Role Based Access Control (RBAC))
• Security tokens and their design (i.e. SAML, JWT, Kerberos tickets)
• AWS cloud and AWS security models
• Cryptographic primitives and protocols and their applications and limitations

What you'll be doing


You will be involved in all phases of the Software Development Lifecycle, thinking end to end. You will be the security engineering subject matter expert and will work alongside other engineers to deliver both technical and design outcomes as well as collaborating across other technical delivery and support areas, providing advice and consultancy. It is worth mentioning that security engineers are mainly accountable for the Protect function of our enterprise cybersecurity framework.

• Engagement with programmes & projects to provide expert input from early life through to production support
• Accountable for Detailed Design for Security and Secure Programming
• Engineering of Secure Software solutions, including design & code reviews from security perspective
• Threat modelling
• Understanding the business impact of technical problems and be comfortable making risk assessments

The extras you'll get

Feeling as though you belong means feeling valued, recognised and rewarded. We aim to give all of our people a good work-life balance, so you’ll receive your schedule in advance, helping you to work around your day-to-day life, and we show our support through the recognition and rewards scheme we offer:

We’d love it if you joined us. Click apply today and send us your CV to take the first step towards building society, nationwide. Please note: To help us do the right thing by our members, all applicants will be subject to a criminal record, credit check and references.

 

Work with PRIDE

Princes Responsible Business Network
Stonewall Diversity Champion
Business Disability Forum Member
(D&A) DIGITAL 1

Why work for us?

Nationwide is the world’s largest building society. But, however large we grow, we will never lose sight of what makes us different: our commitment to our members and to building our society in the right way. Our goal is to be more than a business. We want to be known as an organisation that is always open, honest and trustworthy, where people are helped, supported and loyal. After all, we’re a building society. So we’re building our ‘society’ with a sense of community and with a collective belief in the idea that we’re all here to help each other. That’s what we’re all about and that’s what makes us different.