Description:

As a member of the Starling cyber security team, you will be working with some of the industry's most talented cyber security professionals to protect Starling customers, company assets and systems using the latest technologies and techniques.

The primary objective for this role is to collaborate with, support, and guide Starling's engineering and operation functions to ensure our services are designed, developed and operated securely. As an experienced senior member of our penetration testing team you will directly interact with multiple areas of the business to understand requirements, define the scope and approach to testing (including undertaking appropriate research), and ensure the production of reporting information including alignment to our risk framework.

In addition, we understand the importance of knowledge and expertise remaining current and you shall support the continued advancement of our penetration testing through research, design and implementation of new solutions, including automation.

Requirements:

We're open-minded when it comes to hiring and we care more about aptitude and attitude than specific experience or qualifications.

Ideally, we would like:

5+ years technical information security experience.

Experience of mobile, web application, cloud and infrastructure penetration testing.

Strong technical knowledge in:

Mobile security (iOS and Android)

Web application security

Networking and associated protocols

Cloud security (AWS and GCP)

Containers and Kubernetes

A desire to learn, and ability to apply technical security knowledge to new and unfamiliar areas.

CREST, OSCP or similar industry penetration testing qualification

A good understanding of applied cryptographic techniques.

Reverse engineering and exploit development capabilities.

Experience of security testing in an agile SDLC.

Threat modelling experience.

Experience performing code reviews, particularly in Java and Go.

Experience of fulfilling a client facing security consulting role.

Excellent verbal and written communication skills.

Experience in automation of security testing, with previous development experience desirable.Responsibilities:

Scoping and performing mobile, web application, cloud, and infrastructure penetration tests.

Automation of security testing, and development of internal tooling, to achieve continuous assurance.

Collaboration with engineering teams to facilitate secure development, including:

Review and analysis of proposed technical solutions to identify appropriate security controls.

Input and guidance to security related technical architecture and design decisions.

Code review of features and critical security components.

Practical security testing.

Advising on remediation of security issues and processes to address root causes.

Security assurance reviews of third-party solutions.

Review, analysis and reporting of external threats relevant to Starling systems and solutions in the context of Starling's desired security posture.

Benefits:

Starling technology works in a hybrid pattern both from home and one of our three offices. We're open to applications from across the UK including fully remote, if you're hybrid our preference is that you're located within a commutable distance to either our London, Southampton or Cardiff office, so that we're able to see each other and collaborate in person too.

25 days holiday (plus take your public holiday allowance whenever works best for you)

An extra day's holiday for your birthday

Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off!

16 hours paid volunteering time a year

Salary sacrifice, company enhanced pension scheme

Life insurance at 4x your salary

Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton

Generous family-friendly policies

Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks

Access to initiatives like Cycle to Work and Salary Sacrificed Gym partnerships About Us:

You may be put off applying for a role because you don't tick every box. Forget that! While we can't accommodate every flexible working request, we're always open to discussion. So, if you're excited about working with us, but aren't sure if you're 100% there yet, get in touch anyway.

We're on a mission to radically reshape banking - and that starts with our brilliant team. Whatever came before, we're proud to bring together people of all backgrounds and experiences who love working together to solve problems.

Starling Bank is an equal opportunity employer, and we're proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.

By submitting your application, you agree that Starling Bank may collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we may process, where we may process your personal information, its purposes for processing your personal information, and the rights you can exercise over our use of your personal information.

Apply for this job