Skip to main content Skip to job search
Future of Work: We're reimagining our world of work for all colleagues, not just those who were office based. Instilling a Work, Meet, Recruit, Live Anywhere ethos to allow colleagues to ‘locate for their day’. Find out more >

Security Architect - Applications

Security Architect - Applications

  • Location(s): UK Wide
  • Salary: Competitive
  • Contract Type: Permanent
  • Ref: R00TR00965
  • Closing Date: 12 December 2021
  • We're happy to consider flexible working approaches for this role

This opportunity is within the Enterprise Security Technology (EST) team, and part of the Architecture Centre of Excellence. EST have a challenging mandate to architect and assure the delivery and consumption of effective and pragmatic security controls as an enabler for innovative solutions across our hybrid on-premises and cloud IT environments.

At Nationwide we openly put our 15 million members at the centre of every decision we make as a business. Every role, no matter what it’s doing, is member focused.

The Application Security Domain - Security Solution Architect opportunity is within the Enterprise Security Technology (EST) team. EST have a challenging mandate to architect and assure the delivery and consumption of effective and pragmatic security controls as an enabler for innovative solutions across our hybrid on-premises and cloud IT environments. We want your expert guidance within Nationwide to cement our reputation for always being there when it matters, with services that our members can trust.   

What you’ll be doing

A Security Solution Architect within EST offers a genuinely ever-changing day-to-day experience. Working closely with technology delivery teams you will help to identify and document the key actors and architectural threats to Nationwide solutions; and where security policy, standards and regulatory requirements apply, communicate in simple and actionable terms what compliance means.

In conjunction with Security and Resilience colleagues you will identify solutions that mitigate threats to within risk appetite and ensure that solution delivery is compliant with security policy, standards, and regulatory requirements.

You will be part of a team managing the EST technology controls framework ensuring a roadmap for maturity, coverage and effectiveness is maintained. Coherent, repeatable, and practically consumable advice is critical to our efficiency and success, and you will be part of a team responsible for the creation of knowledge artefacts that provide practical thought leadership to our architecture and engineering colleagues.

About you

  • Candidates should exhibit significant prior experience in the following areas:

    • Securing modern web, desktop and mobile application architectures (including microservices, event driven, serverless etc) and end to end digital solutions, providing thought leadership, defining security architecture and security engineering guardrails and leading technical delivery within agile development teams across the full development lifecycle.
    • Application Security Domain experience in the architecture, designing and engineering of scalable, supportable, and effective application security control capabilities from key industry suppliers (including static application security testing, dynamic application security testing, software composition analysis etc.) within our Continuous Integration/Continuous Delivery DevSecOps pipelines
    • Threat Modelling experience using common industry techniques (such as ISF, Mitre, STRIDE, Attack Trees, PnG), and working with a recognised risk framework to evaluate severity and priority.
    • Experience in working with and maintaining a security controls coverage and maturity framework (such as NIST, OWASP SAMM/BSIMM, SABSA, TOGAF, CSF, ISO27001, CSA-CCF, MITRE etc.).
    • A good general appreciation of enterprise-wide security threats (including OWASP Top 10 for web and mobile application, SANS Top 25 etc.), standards (including OAuth 2.0, OpenID Connect etc), technologies (including Docker, OpenShift, Kubernetes, CI/CD/, Jenkins) and application components (including containerization, API, security automation and orchestration etc)

    We’re also interested in who you are as a person. Why? Because our membership is made up of so many different kinds of people, so we want our employees to be just as diverse. We’d love to hear about:

    • Your values, and what makes you who you are
    • How you’d make a difference to our members in this role

     

    We know applying for jobs can sometimes feel like you’re sending an application into a black hole. We review each application individually. So, it’s a good idea to call out your most relevant experience on your application to give yourself the best chance.

The extras you’ll get

Our people’s success isn’t based on how long they spend at their desk. While you’ll have contracted hours, we want to offer a flexible environment where possible. That might be working from home, logging on from other offices across the UK, or working part time or compressed hours.

We’ve let you know about the flexibility available for this role at the start of the advert. This means you can quickly decide if it suits how you’d like to work.

There are all sorts of employee benefits available at Nationwide, including:

  • A personal pension – if you put in 7% of your salary, we’ll top up by a further 16%
  • Up to 2 days of paid volunteering a year
  • Life assurance worth 8x your salary
  • A great selection of additional benefits through our salary sacrifice scheme
  • Access to an annual performance related bonus
  • Access to training to help you develop and progress your career
  • 25 days holiday

Why work at Nationwide

We’re a building society founded by ordinary people, our members, who came together to help each other get the most from their money, buy homes and save for their futures. For over 130 years, we’ve supported each other and our communities, and we’ve done the right thing for wider society too.

If you come to work here at Nationwide, you’ll be part of that. Part of something a bit different. And something really quite special.

What’s more, we have a strong ethic of care for each other and our members. We recognise that our employees feel most appreciated when their thoughts and values are respected and considered. We’re committed to creating a culture that recognises and truly values our individual differences and identities. So if you’d like to be a part of an inclusive workplace where you can be yourself, where your talents are nurtured, and you feel empowered to contribute, then please apply and help us in building society, nationwide.

What to do next

If this role is for you, please click the ‘Apply Now’ button.  You’ll need to attach your up to date CV and answer a few quick questions for us.

We respond to everyone, and so we will be in contact shortly after the closing date to let you know the outcome of your application. 

#LI-Remote

Security Architect - Applications

Best Practice Awards Winner 2021 Resized
Mind Wellbeing Awards Gold Logo
Princes Responsible Business Network
Carer Confident Kitemark
Purple Space
Business Disability Forum Logo Small
Dc Badge Logo
Stonewall Logo Black 2021 Small
Tech%20She%20Can%20Logo%202021 04
Valuable 500 Logo
AFC Gold 2021 (2) (002)
TTC Signatory Logo (003)