Application Security Engineer

Location: London or Swindon

It’s easy to misunderstand what Nationwide is like. Why? Because we’re not like a bank. We’re not like other financial services companies either. As a Security Engineer here, you’ll sit within a growing delivery team optimising user and member experience, working at the heart of our IT estate on our Financial Crime and Risk applications.

What you’ll be doing

You will be involved in all phases of the Software Development Lifecycle, thinking end to end. You will be the security engineering subject matter expert and will work alongside other engineers to deliver both technical and design outcomes as well as collaborating across other technical delivery and support areas, providing advice and consultancy.

It is worth mentioning that security engineers are mainly accountable for the Protect function of our enterprise cybersecurity framework.

• Engagement with programmes & projects to provide expert input from early life through to production support
• Accountable for Detailed Design for Security and Secure Programming
• Engineering of Secure Software solutions, including design & code reviews from security perspective
• Threat modelling
• Understanding the business impact of technical problems and be comfortable making risk assessments

About you

We are looking for an Application Security Engineer with experience in designing for security and secure programming – working as a security engineering subject matter expert across our verity of systems portfolio and more specifically on our Money Management digital programme.

You should have demonstrable experience in aspects of…

• Full appreciation of Software Development Lifecycles and knowledge of Agile and DevSecOps
• Programming languages (.Net, Java, Swift, JavaScript (preferably familiar with React JS)), and their strengths and weaknesses in regard to security and their application (Software development background is beneficial)
• General mobile security concepts (i.e. Secure enclaves, mobile IPC, Sandboxing, Code signing …)
• Web application vulnerabilities and security concepts (session management, XSS, CSRF, …)
• Application perimeter defence (i.e. Web Application Firewalls)
• API gateway and Service Mesh and their security implications (i.e. APIGEE, ISTIO…)
• Design for security, threat modelling and application security methodologies and frameworks (i.e. Microsoft SDL,OWASP ASVS…)
• Distributed systems security architectures (Microservices, containerisation, container orchestration systems [i.e. K8s], cloud application security concepts…)
• Security tokens, their design (i.e. SAML, JWT, Kerberos tickets) and application and limitations
• AWS cloud and AWS security models
• Cryptographic primitives and protocols and their applications and limitations

The extras you’ll get

If you put a lot in, it’s only fair you should get a lot out. So, if you help us do the right thing for our members, we’ll help further your career with us.

As part of our team you’ll get:

• Access to training to help you progress and develop your technical skills and career
• Pension scheme where if you pay in 7%, we’ll top it up to 23%
• Life assurance worth 8x your salary
• 25 days’ holiday plus bank holidays
• The ability to 'buy’ up to 10 days more holiday
• Flexible benefits scheme giving you access to discount vouchers at various retail outlets
• Access to an annual performance related bonus scheme

Why work at Nationwide

At Nationwide, we’re here for our members and we put their needs first in everything we do. And now, more than ever, two things are helping us go from strength to strength: we put our customers first, and we’re known for being open, honest and trustworthy.

We’re also the world’s largest building society, with communities at the heart of everything we do. We aim to do the right thing for our members which helps set us apart from our competitors. But we need good people to help us do it. People who understand what we believe in and have the talent and drive to keep us successful.

At Nationwide we have a strong ethic of care, and a genuine concern for each other and our members. We recognise that our employees feel most appreciated when their thoughts and values are respected and considered. We are committed to creating a culture that recognises and truly values our individual differences and identities. If you’d like to be a part of an inclusive workplace where you can be yourself, where your talents are nurtured, and you feel empowered to contribute then please apply and help us in building society, nationwide.

What to do next

If this role is for you, please click the ‘Apply Now’ button. You’ll need to attach your up to date CV and answer a few quick questions for us.

We respond to everyone, and so we will be in contact shortly after the closing date to let you know the outcome of your application.