Offensive Security Engineer
Anywhere (UK)
Monzo
Join over 9 million people with a Monzo bank account. Free current accounts, joint accounts and business banking for all! We make money work for everyoneAt Monzo, we’re aiming to build the best bank in the world. We are always keen to hear from capable, creative people who want to help us accomplish that goal. We want our bank to be safe and secure for our customers, so security is extremely important to us.
We are looking for a highly experienced Offensive Security Engineer to join and help build a world-class Red Team and work alongside the Blue Team to help assess the effectiveness of specific security controls. The ideal candidate will be passionate about security testing and able to get into the mindset of an attacker. You’ll be able to plan and execute simulated attacks and red team engagements and effectively communicate risks to the business.
This role has a significant amount of time allocated to research and development to enable us to push the boundaries of Red Teaming in MacOS and microservices environments.
You will be excited about and committed to helping Monzo establish a public presence in the security arena by publishing research and presenting at hacking conferences on a regular basis.
Reporting to the Offensive Security Squad Lead, you'll work closely with the security function as well as the rest of the business to help reduce the likelihood of security vulnerabilities negatively impacting Monzo or our customers.
You’ll be expected to;
- Scope and execute:
- Red Team engagements that simulate the TTPs of known threat actors
- engagements alongside the Blue Team to test specific security controls
- penetration tests
- Research and develop cutting edge tools, techniques and exploits specific to our environments and services
- Effectively communicate findings and remediation advice to the business
- Work collaboratively and independently on specialised engagements, which will require expert knowledge in specific security domains
- Help Monzo meet and surpass regulatory requirements for information security
- Help mentor more junior members of the squad as it grows
You should apply if you have most or all of the following
- 5+ years experience in security testing
- An industry recognised qualification such as CREST CCSAS, CCT (APP or INF), OSCP or other equivalent
- Experience scoping and running Red Team engagements, particularly in MacOS and other, complex environments
- Experience using the MITRE ATT&CK framework for adversary simulations
- Knowledge of MacOS C2 frameworks and hacking techniques
- Experience performing security assessments on the following:
- Web and Mobile Applications
- APIs
- Infrastructure (Kubernetes)
- Experience working in microservices architecture environments
- Experience researching security topics and publishing your findings
- Experience with Programming/Scripting languages: GoLang, Bash, Python
- A bachelor's degree in computer science or equivalent work experience
- Experience working in a regulated environment
- The ability to think outside the box and apply creative thinking to problem solving
- An inquisitive and curious nature
- A passion and enthusiasm for security research/testing with a flair for presentation and communication.
Equal Opportunity Statement
At Monzo, embracing diversity in all of its forms and fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone.
We're an equal opportunity employer. All applicants will be considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity status or disability status.
#LI-Remote
#LI-CO1
#LI-DNI
Tags: APIs Bash Blue team Computer Science CREST Exploits Golang Kubernetes MacOS Microservices MITRE ATT&CK Offensive security OSCP Python Red team Scripting Security assessment TTPs Vulnerabilities
Perks/benefits: Conferences
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Application security-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open DevSecOps-related jobs