22 days ago
* A Senior Security Engineer in our Swindon Head office
* Target salary of £56,489 (Range from £50,840 - £73,436)
* This role is within the Operations & Delivery – Security team
* Closing date 9th of December (shortlisting taking place W/C 10th and interviews W/C 17th Dec)
Nationwide’s Members expect a first-class service which keeps their data secure. In our continuing support of this aim, our Security team is growing and looking for a Senior Security Engineer to be part of our Cyber Security Operations. You’ll need to be driven and passionate about information security, technically strong with a good understanding of security event management, threat intelligence and threat hunting.
This is a great opportunity to work in a rapidly evolving area, where you’ll provide day-to-day leadership, mentoring and management to a technical team of security engineers. The team are responsible for providing the infrastructure upon which security events are captured and analysed, they detect suspected or actual incursions across the estate. The engineering team closely supports front line monitoring for incidents and ensures they are understood, escalated, managed and remediated appropriately.
We embrace flexible working, so if you want to work from home sometimes, that’s fine. We believe in getting the job done in the way that works for both us and the business, which means you aren’t expected to be at a desk 9 – 5, Monday to Friday. We pride ourselves in our ‘one team’ approach and our drive for continuous improvement, both of which support our vision of protecting members’ interests and influencing business success.
Who we're looking for
You will play a significant part in delivering the Cyber Security Strategy, specifically in the field of Security Operations & Event Monitoring. You’ll be leading development & improvements of the SIEM platform and associated security technologies, and exerting influence over the target operating model for Nationwide’s security operations.
As a minimum you’ll;
* Have an industry recognised security qualification(s) with relevant hands on experience in Security Event Monitoring & Incident Response.
* Have sufficient experience of the following concepts, protocols and technologies, for example
* Standard network protocols such as TCP, ARP, ICMP, DHCP, DNS, HTTP, SNMP,
* Information security protection/detection and authentication systems (IDS, IPS, anti-virus, etc).
* Windows, Mac, UNIX and Linux operating systems,
* Network devices including Routers, Switches, and Firewalls.
* Have technical knowledge of enterprise IT platforms, ideally gained by performing simulated attacks or in responding to real ones, in a hands-on capacity, through penetration testing, security monitoring and/or incident response.
* Have experience of influencing at all levels, from senior stakeholders to team members, communicating clearly using non-technical and unambiguous language when required.
* Have experience with cyber security and compliance assessment in a regulated industry.
* Have experience of coaching and leading a team of Security professionals, creating trust and respect.
* Have an innovative mind-set with the ability to challenge existing approaches to cyber security, while supporting the business to deliver.
What you'll be doing
As a Senior Security Engineer, you will:
* Work closely with suppliers to build a detailed understanding of the working of their products and services that Cyber security use across the Society.
* Leverage intuition, security knowledge and a broad of array of tools and advanced security techniques to help us uncover and stay alert to malicious activity.
* Help deliver our Cyber Security initiatives, focusing on how we drive best value from controls, tooling integration & supporting technologies.
* Help improve our threat hunting capability and feed back into our detective capabilities and processes.
* Evaluate current levels of documentation and process maturity; implement changes to help maturity improvements.
* Leada team of Cyber Security professionals and liaise with both technical and non-technical teams throughout the business, including our strategic partners, in execution of our goals.
* Drive the on-going development of security monitoring use-cases, playbooks and response plans.
* Investigate suspicious and anomalous activity as a second line engineer, reaching conclusions and making recommendations for remediation and future monitoring
* Analyse security requirements, keeping up-to-date with evolving security threats and new technologies.