Nationwide is investing £1.2b in Technology Transformation, so it's never been a more exciting time to join. Building high performing teams across the UK plays a huge part in this transformation, which is why we need skilled Senior Engineers to support the Building Society
In this role, you will be conducting technical assessments of Nationwide network infrastructure and banking applications.
You will be expected to work independently and proactively to ensure that penetration tests are completed successfully, and the findings are understood by key stakeholders. You will be joining a small team of dedicated and like-minded individuals to identify security vulnerabilities within the organisation and articulate risk to business stakeholders.
You will have significant experience in delivering penetration tests from scoping to reporting and triage activity. You will be able to perform tests across a wide range of system and software stacks.
Communication skills are vital for the role. You must be comfortable explaining the risks of identified findings to non-technical stakeholders.
At Nationwide we put our 15 million members at the centre of every decision we make as a business. Every role, no matter what it's doing, is member focused. Protecting our members data and finances is at the heart of what the Technical Vulnerability Management teams do. We operate technical controls to help ensure that vulnerabilities to our most critical systems are identified and appropriate action is taken. This role is no different, and as part of the Technical Vulnerability Identification (Penetration Test) team, this is an exciting opportunity to have a real impact on the security of our enterprise.What you'll be doing:
he Penetration Test team are united by a single, shared purpose: It's all about helping stakeholders across the Society to mitigate vulnerabilities identified in Penetration Tests. To support this, we are looking for an energetic and experienced security professional with a proven track record of penetration testing, stakeholder management, organisational skills, and prioritising work in high-pressure/high-tempo conditions.
As a Penetration Tester, you'll play a hugely important role in our Team. Your core responsibilities will be to perform penetration tests of new system deployments, become an active member of the Nationwide 'Red Team' and support the business to meet Strategic, Operational and external Compliance objectives.
In addition to the above, you will support the provision of management information relating to team performance and risk exposure, whilst ensuring we meet the pertinent Security Control Standards requirements. You will have the freedom to shape and continuously improve processes and workflows and you will be encouraged to obtain and maintain technical certifications to support your personal and professional career goals.About you.
The extra you'll get..
- Significant experience of undertaking Penetration Tests, for highly resilient solutions
- Detailed knowledge of Penetration testing tools, techniques and methodologies
- Extensive, demonstrable knowledge of security vulnerabilities and risk reduction methodologies
- Experience of undertaking both automated and manual application Penetration Testing assessments within Agile environments
- Experience in providing technical leadership and line management in a multi-supplier and multi-team environment
- Experience of security testing cloud services and API-based technologies
- Experience of leading Red Team engagements
- Industry recognised qualification e.g. CHECK, CREST, OSCP, QSTM (or equivalent)
- Be a resilient and highly motivated self-starter who relishes a challenge and is able to work independently or as part of a close-knit team
- An excellent understanding of common security and application security standards and compliance (e.g, OWASP, PCI-DSS).
- The ability to build strong relationships with DevOps and SecOps teams to develop and support a culture of 'built-for-security' and ensure testing requirements are progressed and findings are triaged and acted on accordingly
- Competence in one or more scripting language. E.g. Perl, Python, Shell Scripting etc.
- Knowledge of exploit development, vulnerability research/reporting or writing system modules in C & C++
- Experience of an equivalent role at a large financial services provider within the last 3 years
- Experience in writing penetration/Red Team test reports in a timely manner using language which is accessible by technical SMEs as well as less technical stakeholders.
Our people's success isn't based on how long they spend at their desk. While you'll have contracted hours, we want to offer a flexible environment where possible. That might be working from home, logging on from other offices across the UK, or working part time or compressed hours.
There are all sorts of employee benefits available at Nationwide, including:
- A personal pension - if you put in 7% of your salary, we'll top up by a further 16%
- Up to 2 days of paid volunteering a year
- Life assurance worth 8x your salary
- A great selection of additional benefits through our salary sacrifice scheme
- Access to an annual performance related bonus
- Access to training to help you develop and progress your career
- 25 days holiday