Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead security solutions for innovative projects, ensuring compliance and mitigating risks.
- Company: Join Nationwide, a trusted financial institution focused on security and resilience.
- Benefits: Enjoy hybrid working, generous holidays, a personal pension plan, and wellness options.
- Why this job: Be part of a dynamic team shaping secure solutions that impact real lives.
- Qualifications: Experience in tech roles with a focus on application security and threat modeling required.
- Other info: Flexible office locations and a commitment to personal development.
The predicted salary is between 48000 - 84000 £ per year.
You will provide direction and solutions to product owners and delivery teams working on a viariety solutions for both colleagues and members. This will include developing solution overviews and designs, threat models, and architectural patterns.
This opportunity is within the Security Architecture team, and part of Security and Resilience. The team have a challenging mandate to architect, engineer and assure the delivery and consumption of effective and pragmatic security controls as an enabler for innovative solutions across our hybrid on-premises and cloud IT environments. We want your expertise within Nationwide to cement our reputation for always being there when it matters, with services that our members can trust.
At Nationwide we offer hybrid working wherever possible. More rewarding relationships are supported through our hybrid approach, bringing colleagues together across our UK wide estate, whilst also supporting generous access to home working. We value our time in the office to solve problems, to learn, and to feel connected.
For this job you\’ll spend at least two days per week, or if part time you\’ll spend 40% of your working time, based at either our Swindon, London, Bournemouth, Northampton or Sheffield office. If your application is successful, your hiring manager will provide further details on how this works. You can also find out more about our approach to hybrid working here.
What you\’ll be doing
A Security Solution Architect within Nationwide offers a genuinely ever-changing day-to-day experience. Working closely with technology delivery teams you will help to identify and document the key actors and architectural threats to Nationwide solutions; and where security policy, standards and regulatory requirements apply, communicate in simple and actionable terms what compliance means.
In conjunction with Security and Resilience colleagues you will identify solutions that mitigate threats to within risk appetite and ensure that solution delivery is compliant with security policy, standards, and regulatory requirements.
You will be part of a team managing the technology controls framework ensuring a roadmap for maturity, coverage and effectiveness is maintained. Coherent, repeatable, and practically consumable advice is critical to our efficiency and success, and you will be part of a team responsible for the creation of knowledge artefacts that provide practical thought leadership to our architecture and engineering colleagues.
The members of the team fulfil a number of different roles and you will have the opportunity to use your existing knowledge and develop your skills and expertise between working with teams building critical member facing applications, back-end systems and future initiatives, producing architecture patterns, developing and improving the practices and services offered by the team and potentially people management.
About you
You will have a background in hands on technical roles such as operations, second- or third-line support, engineering, or development. We have several roles and are looking for a variety of candidates with different areas of specialist knowledge to work with different parts of the business. You will be able to show significant prior experience, interest, or aptitude in some of the following areas:
- Application, API, and CI/CD pipeline Security particularly in financial services systems such as payments and Open Banking and Fraud control
- Working with Developers understanding their problems helping find secure solutions
- Assuring and advising on secure systems design
- Creating patterns and other architecture artefacts
- Good knowledge of cryptography
- Threat Modelling using common industry techniques (such as STRIDE, Attack Trees, PnG), and working with a recognised risk framework to evaluate severity and priority.
On a more general level you will have:
- A good general appreciation of enterprise-wide security threats, controls and principles across the above areas
- Experience or aptitude for threat evaluation and documenting enterprise-level architectural solutions that mitigate, or offer a risk aligned roadmap to mitigation. Producing artefacts such as Security designs, patterns, and options papers.
- An appreciation of working with security policy, standards, and security audit findings, and producing them into clear and practical solutions.
- Experience working with and maintaining a security controls coverage and maturity framework (such as NIST CSF, ISO27001, CSA-CCF, MITRE) and enterprise policies and standards.
- Professional qualifications in security and relevant technologies and practices, with a passion for continual improvement
- Experience of people management
Our Customer First behaviours are all about putting customers and members at the heart of how we work together. You can strengthen your application by showing the behaviours that resonate with you, and how you might have already demonstrated these.
- Say it straight – This is about being honest and direct with good intent and saying what needs to be said in the room. It’s also about being clear, precise, and using language that we and, importantly, our customers and members can understand.
- Push for better – This is about aiming high and constantly looking for better in how we work together and serve our customers and members.
- Get it done – This is about prioritising what will have the greatest impact, being decisive and taking accountability for delivering on the end-to-end outcome.
We know applying for jobs can sometimes feel like you’re sending an application into a black hole. We review each application individually. So, it’s a good idea to call out your most relevant experience on your application to give yourself the best chance.
The extras you\’ll get
There are all sorts of employee benefits available at Nationwide, including:
- A personal pension – if you put in 7% of your salary, we’ll top up by a further 16%
- Up to 2 days of paid volunteering a year
- Life assurance worth 8x your salary
- A great selection of additional benefits through our salary sacrifice scheme
- Wellhub – Access to a range of free and paid options for health and wellness.
- Access to an annual performance related bonus
- Access to training to help you develop and progress your career
- 25 days holiday, pro rata
Nationwide Building Society | Application Security Architect employer: Nationwide Building Society
Contact Detail:
Nationwide Building Society Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Nationwide Building Society | Application Security Architect
✨Tip Number 1
Familiarize yourself with the specific security frameworks mentioned in the job description, such as NIST CSF and ISO27001. Being able to discuss these frameworks in detail during your interview will demonstrate your expertise and alignment with Nationwide's security practices.
✨Tip Number 2
Highlight any experience you have with threat modeling techniques like STRIDE or Attack Trees. Be prepared to share examples of how you've applied these methods in previous roles to mitigate risks effectively.
✨Tip Number 3
Showcase your ability to communicate complex security concepts in simple terms. This is crucial for working with product owners and delivery teams, so think of examples where you've successfully bridged the gap between technical and non-technical stakeholders.
✨Tip Number 4
Demonstrate your passion for continual improvement in security practices. Share any initiatives you've led or participated in that aimed at enhancing security measures or processes, especially in a financial services context.
We think you need these skills to ace Nationwide Building Society | Application Security Architect
Some tips for your application 🫡
Highlight Relevant Experience: Make sure to emphasize your hands-on technical experience in roles such as operations, support, or development. Clearly outline your expertise in application security, API security, and CI/CD pipeline security, especially within financial services.
Showcase Your Problem-Solving Skills: Demonstrate how you've worked with developers to identify security issues and find secure solutions. Use specific examples that illustrate your ability to communicate complex security concepts in simple terms.
Detail Your Knowledge of Security Frameworks: Mention your familiarity with security controls frameworks like NIST CSF, ISO27001, or MITRE. Provide examples of how you've contributed to maintaining or improving these frameworks in previous roles.
Align with Customer First Behaviours: Incorporate the Customer First behaviours into your application. Share instances where you have been honest and direct, pushed for better outcomes, and taken accountability for delivering results that positively impacted customers or members.
How to prepare for a job interview at Nationwide Building Society
✨Showcase Your Technical Expertise
Be prepared to discuss your hands-on experience in technical roles, especially in areas like application security, API security, and CI/CD pipeline security. Highlight specific projects where you successfully identified and mitigated security threats.
✨Understand the Security Landscape
Familiarize yourself with common industry techniques for threat modeling, such as STRIDE and Attack Trees. Be ready to explain how you've applied these techniques in previous roles to evaluate risks and develop architectural solutions.
✨Communicate Clearly and Effectively
Practice explaining complex security concepts in simple terms. This is crucial when discussing compliance with security policies and standards, as well as when advising developers on secure system design.
✨Demonstrate Customer-Centric Behaviors
Reflect on how you've put customers at the heart of your work in past roles. Share examples that align with Nationwide's 'Customer First' behaviors, such as being honest, aiming for improvement, and taking accountability for outcomes.
