Application Security Architect

Get AI-powered advice on this job and more exclusive features.

You will provide direction and solutions to product owners and delivery teams working on a variety of solutions for both colleagues and members. This will include developing solution overviews and designs, threat models, and architectural patterns.

This opportunity is within the Security Architecture team, part of Security and Resilience. The team has a challenging mandate to architect, engineer, and assure the delivery and consumption of effective and pragmatic security controls as an enabler for innovative solutions across our hybrid on-premises and cloud IT environments. We want your expertise within Nationwide to cement our reputation for always being there when it matters, with services that our members can trust.

At Nationwide, we offer hybrid working wherever possible. More rewarding relationships are supported through our hybrid approach, bringing colleagues together across our UK-wide estate, whilst also supporting generous access to home working. We value our time in the office to solve problems, to learn, and to feel connected.

For this job, you'll spend at least two days per week, or if part-time, you'll spend 40% of your working time, based at either our Swindon, London, Bournemouth, Northampton, or Sheffield office. If your application is successful, your hiring manager will provide further details on how this works.

What you'll be doing

A Security Solution Architect within Nationwide offers a genuinely ever-changing day-to-day experience. Working closely with technology delivery teams, you will help to identify and document the key actors and architectural threats to Nationwide solutions; and where security policy, standards, and regulatory requirements apply, communicate in simple and actionable terms what compliance means.

In conjunction with Security and Resilience colleagues, you will identify solutions that mitigate threats within risk appetite and ensure that solution delivery is compliant with security policy, standards, and regulatory requirements.

You will be part of a team managing the technology controls framework ensuring a roadmap for maturity, coverage, and effectiveness is maintained. Coherent, repeatable, and practically consumable advice is critical to our efficiency and success, and you will be part of a team responsible for the creation of knowledge artifacts that provide practical thought leadership to our architecture and engineering colleagues.

The members of the team fulfill a number of different roles, and you will have the opportunity to use your existing knowledge and develop your skills and expertise between working with teams building critical member-facing applications, back-end systems, and future initiatives, producing architecture patterns, developing and improving the practices and services offered by the team, and potentially people management.

About you

You will have a background in hands-on technical roles such as operations, second- or third-line support, engineering, or development. We have several roles and are looking for a variety of candidates with different areas of specialist knowledge to work with different parts of the business. You will be able to show significant prior experience, interest, or aptitude in some of the following areas:

• Application, API, and CI/CD pipeline Security particularly in financial services systems such as payments and Open Banking and Fraud control
• Working with Developers understanding their problems helping find secure solutions
• Assuring and advising on secure systems design
• Creating patterns and other architecture artifacts
• Good knowledge of cryptography
• Threat Modelling using common industry techniques (such as STRIDE, Attack Trees, PnG), and working with a recognized risk framework to evaluate severity and priority.

On a more general level you will have:

• A good general appreciation of enterprise-wide security threats, controls, and principles across the above areas
• Experience or aptitude for threat evaluation and documenting enterprise-level architectural solutions that mitigate, or offer a risk-aligned roadmap to mitigation. Producing artifacts such as Security designs, patterns, and options papers.
• An appreciation of working with security policy, standards, and security audit findings, and producing them into clear and practical solutions.
• Experience working with and maintaining a security controls coverage and maturity framework (such as NIST CSF, ISO27001, CSA-CCF, MITRE) and enterprise policies and standards.
• Professional qualifications in security and relevant technologies and practices, with a passion for continual improvement
• Experience of people management

Our Customer First behaviors are all about putting customers and members at the heart of how we work together. You can strengthen your application by showing the behaviors that resonate with you, and how you might have already demonstrated these.

• Say it straight - This is about being honest and direct with good intent and saying what needs to be said in the room. It’s also about being clear, precise, and using language that we and, importantly, our customers and members can understand.
• Push for better - This is about aiming high and constantly looking for better in how we work together and serve our customers and members.
• Get it done - This is about prioritizing what will have the greatest impact, being decisive, and taking accountability for delivering on the end-to-end outcome.

We know applying for jobs can sometimes feel like you’re sending an application into a black hole. We review each application individually. So, it’s a good idea to call out your most relevant experience on your application to give yourself the best chance.

The extras you'll get

There are all sorts of employee benefits available at Nationwide, including:

• A personal pension – if you put in 7% of your salary, we’ll top up by a further 16%
• Up to 2 days of paid volunteering a year
• Life assurance worth 8x your salary
• A great selection of additional benefits through our salary sacrifice scheme
• Wellhub – Access to a range of free and paid options for health and wellness.
• Access to an annual performance-related bonus
• Access to training to help you develop and progress your career

• Mid-Senior level

• Full-time

• Information Technology