- Location(s): UK Wide
- Salary: Competitive
- Contract Type: Permanent
- Ref: R00TR00458
- Closing Date: 25 June 2021
- We're happy to consider flexible working approaches for this role
In this role, you will be conducting technical assessments of Nationwide network infrastructure and banking applications.
You will be expected to work independently and proactively to ensure that penetration tests are completed successfully, and the findings are understood by key stakeholders.
You will be joining a small team of dedicated and like-minded individuals to identify security vulnerabilities within the organisation and articulate risk to business stakeholders.
You will have significant experience in delivering penetration tests from scoping to reporting and triage activity. You will be able to perform tests across a wide range of system and software stacks.
Communication skills are vital for the role. You must be comfortable explaining the risks of identified findings to non-technical stakeholders.
You will be required to undertake continuous training to meet the technical
At Nationwide we put our 15 million members at the centre of every decision we make as a business. Every role, no matter what it’s doing, is member focused.
Protecting our members’ data and finances is at the heart of what the Technical Vulnerability Management teams do. We operate technical controls to help ensure that vulnerabilities to our most critical systems are identified and appropriate action is taken. This role is no different, and as part of the Technical Vulnerability Identification (Penetration Test) team, this is an exciting opportunity to have a real impact on the security of our enterprise.
What you’ll be doing
The Penetration Test team are united by a single, shared purpose: It's all about helping stakeholders across the Society to mitigate vulnerabilities identified in Penetration Tests. To support this, we are looking for an energetic and experienced security professional with a proven track record of penetration testing, stakeholder management, organisational skills, and prioritising work in high-pressure/high-tempo conditions.
As a Security Engineer (Penetration Tester), you’ll play a hugely important role in our Team. Your core responsibilities will be to perform penetration tests of new system deployments, become an active member of the Nationwide ‘Red Team’ and support the business to meet Strategic, Operational and external Compliance objectives.
In addition to the above, you will support the provision of management information relating to team performance and risk exposure, whilst ensuring we meet the pertinent Security Control Standards requirements. You will have the freedom to shape and continuously improve processes and workflows and you will be encouraged to obtain and maintain technical certifications to support your personal and professional career goals.
- Significant experience of undertaking Penetration Tests, for highly resilient solutions
- Detailed knowledge of Penetration testing tools, techniques and methodologies
- Extensive, demonstrable knowledge of security vulnerabilities and risk reduction methodologies
- Experience of undertaking both automated and manual application Penetration Testing assessments within Agile environments
- Experience in providing technical leadership and line management in a multi-supplier and multi-team environment
- Experience of security testing cloud services and API-based technologies
- Experience of leading Red Team engagements
- Industry recognised qualification e.g. CHECK, CREST, OSCP, QSTM (or equivalent)
- Be a resilient and highly motivated self-starter who relishes a challenge and is able to work independently or as part of a close-knit team
- An excellent understanding of common security and application security standards and compliance (e.g. OWASP, PCI-DSS).
- The ability to build strong relationships with DevOps and SecOps teams to develop and support a culture of ‘built-for-security’ and ensure testing requirements are progressed and findings are triaged and acted on accordingly
- Competence in one or more scripting languages, e.g. Perl, Python, Shell Scripting etc.
- Knowledge of exploit development, vulnerability research/reporting or writing system modules in C & C++
- Experience of an equivalent role at a large financial services provider within the last 3 years
- Experience in writing penetration/Red Team test reports in a timely manner using language which is accessible by technical SMEs as well as less technical stakeholders
We’re also interested in who you are as a person. Why? Because our membership is made up of so many different kinds of people, so we want our employees to be just as diverse. We’d love to hear about:
- Your values, and what makes you who you are
- How you’d make a difference to our members in this role
We know applying for jobs can sometimes feel like you’re sending an application into a black hole. We review each application individually. So, it’s a good idea to call out your most relevant experience on your application to give yourself the best chance.
The extras you’ll get
Our people’s success isn’t based on how long they spend at their desk. While you’ll have contracted hours, we want to offer a flexible environment where possible. That might be working from home, logging on from other offices across the UK, or working part time or compressed hours.
There are all sorts of employee benefits available at Nationwide, including:
- A personal pension – if you put in 7% of your salary, we’ll top up by a further 16%
- Up to 2 days of paid volunteering a year
- Life assurance worth 8x your salary
- A great selection of additional benefits through our salary sacrifice scheme
- Access to an annual performance related bonus
- Access to training to help you develop and progress your career
- 25 days holiday
Why work at Nationwide
We’re a building society founded by ordinary people, our members, who came together to help each other get the most from their money, buy homes and save for their futures. For over 130 years, we’ve supported each other and our communities, and we’ve done the right thing for wider society too.
If you come to work here at Nationwide, you’ll be part of that. Part of something a bit different. And something really quite special.
What’s more, we have a strong ethic of care for each other and our members. We recognise that our employees feel most appreciated when their thoughts and values are respected and considered. We’re committed to creating a culture that recognises and truly values our individual differences and identities. So if you’d like to be a part of an inclusive workplace where you can be yourself, where your talents are nurtured, and you feel empowered to contribute, then please apply and help us in building society, nationwide.
What to do next
If this role is for you, please click the ‘Apply Now’ button. You’ll need to attach your up-to-date CV and answer a few quick questions for us.
We respond to everyone, and so we will be in contact shortly after the closing date to let you know the outcome of your application.