At a Glance
- Tasks: Lead security solutions for innovative projects, ensuring compliance and mitigating risks.
- Company: Join Nationwide, the UK's largest building society, focused on fair banking for all.
- Benefits: Enjoy hybrid working, generous pension contributions, paid volunteering, and 25 days holiday.
- Why this job: Be part of a purpose-driven team that values collaboration and continuous improvement.
- Qualifications: Experience in security roles, with knowledge in application security and threat modeling.
- Other info: Flexible working options available; apply early as positions may close quickly.
The predicted salary is between 48000 - 72000 £ per year.
You will provide direction and solutions to product owners and delivery teams working on a variety of solutions for both colleagues and members. This will include developing solution overviews and designs, threat models, and architectural patterns.
This opportunity is within the Security Architecture team, and part of Security and Resilience. The team has a challenging mandate to architect, engineer, and assure the delivery and consumption of effective and pragmatic security controls as an enabler for innovative solutions across our hybrid on-premises and cloud IT environments. We want your expertise within Nationwide to cement our reputation for always being there when it matters, with services that our members can trust.
We are happy to consider flexible working approaches to help you perform at your best.
At Nationwide, we offer hybrid working wherever possible. More rewarding relationships are supported through our hybrid approach, bringing colleagues together across our UK-wide estate while also supporting generous access to home working. We value our time in the office to solve problems, to learn, and to feel connected.
For this job, you’ll spend at least two days per week, or if part-time you’ll spend 40% of your working time, based at either our Swindon, London, Bournemouth, or Northampton office. If your application is successful, your hiring manager will provide further details on how this works. You can also find out more about our approach to hybrid working here.
If we receive a high volume of relevant applications, we may close the advert earlier than the advertised date, so please apply as soon as you can.
What you’ll be doing
A Security Solution Architect within Nationwide offers a genuinely ever-changing day-to-day experience. Working closely with technology delivery teams, you will help to identify and document the key actors and architectural threats to Nationwide solutions; and where security policy, standards, and regulatory requirements apply, communicate in simple and actionable terms what compliance means.
In conjunction with Security and Resilience colleagues, you will identify solutions that mitigate threats within risk appetite and ensure that solution delivery is compliant with security policy, standards, and regulatory requirements.
You will be part of a team managing the technology controls framework ensuring a roadmap for maturity, coverage, and effectiveness is maintained. Coherent, repeatable, and practically consumable advice is critical to our efficiency and success, and you will be part of a team responsible for the creation of knowledge artefacts that provide practical thought leadership to our architecture and engineering colleagues.
The members of the team fulfil a number of different roles, and you will have the opportunity to use your existing knowledge and develop your skills and expertise between working with teams building critical member-facing applications, back-end systems, and future initiatives, producing architecture patterns, developing and improving the practices and services offered by the team, and potentially people management.
About you
You will have a background in hands-on technical roles such as operations, second- or third-line support, engineering, or development. We have several roles and are looking for a variety of candidates with different areas of specialist knowledge to work with different parts of the business. You will be able to show significant prior experience, interest, or aptitude in some of the following areas:
- Application, API, and CI/CD pipeline security, particularly in financial services systems such as payments, Open Banking, and fraud control.
- Working with developers, understanding their problems, and helping find secure solutions.
- Assuring and advising on secure systems design.
- Creating patterns and other architecture artefacts.
- Good knowledge of cryptography.
- Threat Modelling using common industry techniques (such as STRIDE, Attack Trees, PnG), and working with a recognised risk framework to evaluate severity and priority.
On a more general level you will have:
- A good general appreciation of enterprise-wide security threats, controls, and principles across the above areas.
- Experience or aptitude for threat evaluation and documenting enterprise-level architectural solutions that mitigate or offer a risk-aligned roadmap to mitigation. Producing artefacts such as Security designs, patterns, and options papers.
- An appreciation of working with security policy, standards, and security audit findings, and turning them into clear and practical solutions.
- Experience working with and maintaining a security controls coverage and maturity framework (such as NIST CSF, ISO27001, CSA-CCF, MITRE) and enterprise policies and standards.
- Professional qualifications in security and relevant technologies and practices, with a passion for continual improvement.
- Experience of people management.
Our Customer First behaviours are all about putting customers and members at the heart of how we work together. You can strengthen your application by showing the behaviours that resonate with you, and how you might have already demonstrated these.
- Say it straight – This is about being honest and direct with good intent and saying what needs to be said in the room. It’s also about being clear, precise, and using language that we and, importantly, our customers and members can understand.
- Push for better – This is about aiming high and constantly looking for better in how we work together and serve our customers and members.
- Get it done – This is about prioritising what will have the greatest impact, being decisive and taking accountability for delivering on the end-to-end outcome.
We know applying for jobs can sometimes feel like you’re sending an application into a black hole. We review each application individually. So, it’s a good idea to call out your most relevant experience on your application to give yourself the best chance.
The extras you’ll get
There are all sorts of employee benefits available at Nationwide, including:
- A personal pension – if you put in 7% of your salary, we’ll top up by a further 16%
- Up to 2 days of paid volunteering a year
- Life assurance worth 8x your salary
- A great selection of additional benefits through our salary sacrifice scheme
- Wellhub – Access to a range of free and paid options for health and wellness
- Access to an annual performance-related bonus
- Access to training to help you develop and progress your career
- 25 days holiday, pro rata
What makes us different
Nationwide is the world’s largest building society. With over 15 million customers, we have a relationship with almost a quarter of the UK’s population. We’ve got the scale to compete with the big banks, but we’re not a bank.
As a building society, we’re owned by our members – that’s our customers who have their current account, mortgage, or savings with us. It means we can do things differently to deliver our Purpose – Banking – but fairer, more rewarding, and for the good of society.
When you work at Nationwide, you can experience that difference for yourself. You’ll be part of a high-performing, purpose-driven organisation that offers rewarding career experiences and a highly competitive range of benefits to match. You’ll also be joining us at an important time as we seek to reach more and more people in the UK. We want everyone in the UK to know that they don’t have to bank with a bank. They can choose a modern mutual instead.
What to do next
If this role is for you, please click the ‘Apply Now’ button. You’ll need to attach your up-to-date CV and answer a few quick questions for us.
We respond to everyone, so we will be in contact shortly after the closing date to let you know the outcome of your application.
Application Security Architect employer: Nationwide Building Society
Contact Detail:
Nationwide Building Society Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Application Security Architect
✨Tip Number 1
Familiarize yourself with the specific security frameworks mentioned in the job description, such as NIST CSF and ISO27001. Being able to discuss these frameworks in detail during your interview will demonstrate your expertise and alignment with the role.
✨Tip Number 2
Prepare to showcase your experience with threat modeling techniques like STRIDE or Attack Trees. Be ready to provide examples of how you've applied these methods in previous roles to mitigate risks effectively.
✨Tip Number 3
Highlight your ability to communicate complex security concepts in simple terms. This is crucial for working with product owners and delivery teams, so think of examples where you've successfully done this in the past.
✨Tip Number 4
Demonstrate your understanding of application security, particularly in financial services. Discuss any relevant projects or experiences that showcase your knowledge in API security and CI/CD pipeline security.
Some tips for your application 🫡
Highlight Relevant Experience: Make sure to emphasize your hands-on technical roles and any experience related to application, API, and CI/CD pipeline security, especially in financial services. This will help demonstrate your suitability for the role.
Showcase Your Problem-Solving Skills: Illustrate how you've worked with developers to understand their challenges and find secure solutions. Use specific examples to show your ability to assure and advise on secure systems design.
Communicate Clearly: Use clear and precise language in your application. Remember that the goal is to communicate complex security concepts in simple terms that can be understood by both technical and non-technical stakeholders.
Demonstrate Customer First Behaviours: Reflect on how you embody the 'Customer First' behaviours mentioned in the job description. Provide examples of how you've prioritized customer needs and aimed for better outcomes in your previous roles.
How to prepare for a job interview at Nationwide Building Society
✨Showcase Your Technical Expertise
Be prepared to discuss your hands-on experience in technical roles, especially in areas like application security, API security, and CI/CD pipeline security. Highlight specific projects where you successfully implemented security measures or solved complex problems.
✨Understand the Security Landscape
Familiarize yourself with common industry techniques for threat modeling, such as STRIDE and Attack Trees. Be ready to explain how you've applied these techniques in previous roles to evaluate risks and develop mitigation strategies.
✨Communicate Clearly and Effectively
Practice explaining complex security concepts in simple terms. This is crucial for collaborating with product owners and delivery teams. Use examples from your past experiences to demonstrate how you’ve communicated compliance and security policies effectively.
✨Demonstrate a Customer-First Mindset
Reflect on how your work has positively impacted customers or members. Be prepared to share examples that illustrate your commitment to putting customers at the heart of your decisions and actions, aligning with Nationwide's values.