Data Security Engineer
Data Security Engineer
- Location: Swindon, London, Countrywide
- Salary: Competitive
- Contract Type: Permanent
- Ref: R002802138
- Closing Date: 05 June 2020
It’s easy to misunderstand what Nationwide is like. Why? Because we’re not like a bank. We’re not like other financial services companies either. As a Security Engineer here, you’ll sit within a growing delivery team optimising user and member experience, working at the heart of our IT estate on our Financial Crime and Risk applications.
What you’ll be doing
All Security Engineers will engage with the development teams at the pre-commit stage by helping them provision the cloud infrastructure and development environment including DevSecOps tools selection and configuration in consultation with our cloud centre of excellence.
Security engineers will help the teams carry out threat modelling, high level and detailed security designs working closely with Group Security and Enterprise Security Architecture. They will continue the engagement in the commit and acceptance stages by assisting the development team with tools configuration, security controls implementation, fuzzing, internal penetration testing and automated tools’ alerts investigation and remediation.
Each Security Engineer will also have a specialty. We will have regular security engineering forums, in which we consult with each other, looking at the problems from each of our specialties’ perspective. You will hopefully be our data security specialist.
We are looking for a Security Engineer with experience in designing for security and secure programming, specially from data security perspective – working as a data security engineering subject matter expert across our variety of systems portfolio.
You should have demonstrable experience in…
• Full appreciation of Software Development Lifecycles and knowledge of Agile and DevSecOps
• Design for security, threat modelling and application security methodologies and frameworks (i.e. Microsoft SDL,OWASP ASVS…)
• Cryptographic primitives and protocols and their applications and limitations
• Secure protocol design
• Authentication and authorisation protocols (i.e. LDAP implementations [i.e. ActiveDirectory], Kerberos, OAuth2.0, OpenID Connect, Attribute Based Access Control (ABAC), Role Based Access Control (RBAC))
• Security tokens and their design (i.e. SAML, JWT, Kerberos tickets)
• Distributed SQL and NoSQL databases and the concept of eventual consistency and integrity assurance (i.e. Cassandra)
You should have good general understanding of…
• General mobile security concepts (i.e. Secure enclaves, mobile IPC, Sandboxing, Code signing …)
• Application perimeter defence (i.e. Web Application Firewalls)
• API gateway and Service Mesh and their security implications (i.e. APIGEE, ISTIO…)
• Distributed systems security architectures (Microservices, containerisation, container orchestration systems [i.e. K8s], cloud application security concepts…)
• Cloud and Cloud security concepts and models.
The extras you’ll get
If you put a lot in, it’s only fair you should get a lot out. So, if you help us do the right thing for our members, we’ll help further your career with us.
As part of our team you’ll get:
• Access to training to help you progress and develop your technical skills and career
• Pension scheme where if you pay in 7%, we’ll top it up to 23%
• Life assurance worth 8x your salary
• 25 days’ holiday plus bank holidays
• The ability to 'buy’ up to 10 days more holiday
• Flexible benefits scheme giving you access to discount vouchers at various retail outlets
• Access to an annual performance related bonus scheme
Why work at Nationwide
At Nationwide, we’re here for our members and we put their needs first in everything we do. And now, more than ever, two things are helping us go from strength to strength: we put our customers first, and we’re known for being open, honest and trustworthy.
We’re also the world’s largest building society, with communities at the heart of everything we do. We aim to do the right thing for our members which helps set us apart from our competitors. But we need good people to help us do it. People who understand what we believe in and have the talent and drive to keep us successful.
At Nationwide we have a strong ethic of care, and a genuine concern for each other and our members. We recognise that our employees feel most appreciated when their thoughts and values are respected and considered. We are committed to creating a culture that recognises and truly values our individual differences and identities. If you’d like to be a part of an inclusive workplace where you can be yourself, where your talents are nurtured, and you feel empowered to contribute then please apply and help us in building society, nationwide.
What to do next
If this role is for you, please click the ‘Apply Now’ button. You’ll need to attach your up to date CV and answer a few quick questions for us. We’d also like to see a portfolio of some of your work.